b"                                                                                  \xe2\x98\x85\n                                                                                                         \xe2\x98\x85\xe2\x98\x85\nInspector General\xe2\x80\x99s\nStatement\n\nI  n looking back at the reporting period, three priority\nissues come to mind, each deserving serious consideration:\n                                                             While there are positive signs that human capital activ-\n                                                             ities are indeed ongoing throughout the Corporation, I\n                                                             urge increased attention to this issue given the\n                                                             Corporation\xe2\x80\x99s current state of flux. As we discuss later\n        \xe2\x80\xa2 Corporate Downsizing,\n                                                             in this semiannual report, the strategies that the\n                                                             Corporation is currently pursuing will be most effec-\n        \xe2\x80\xa2 Human Capital, and\n                                                             tive if they are centralized, focused, and sustained. The\n                                                             Corporation\xe2\x80\x99s Human Resources Committee and the\n        \xe2\x80\xa2 Information Security.\n                                                             recruitment of a human capital professional as\n                                                             Associate Director of the Human Resources Branch of\nThe past 6 months at the Federal Deposit Insurance\n                                                             the Division of Administration are steps in the right\nCorporation (FDIC) have been marked by dramatic\n                                                             direction towards achieving this goal.\ncorporate downsizing, streamlining, and restructuring\nas the Corporation continues to reinvent itself under\n                                                             The Office of Inspector General (OIG) will continue to\nthe leadership of Chairman Donald Powell. The\n                                                             emphasize this view in the months ahead and offer\nCorporation\xe2\x80\x99s overall streamlining efforts included\n                                                             assistance to the Corporation as it builds on the corner-\nmerging four divisions into two, an action that is esti-\n                                                             stones discussed above. The OIG must lead by exam-\nmated to save nearly 300 positions and $35 million per\n                                                             ple, and we are in the process of doing so. The OIG\xe2\x80\x99s\nyear. The streamlining is also intended to increase\n                                                             participation in the FDIC's early retirement and buyout\noperational efficiencies and empower employees\n                                                             program and other attrition will result in the separa-\nthrough the delegation of increased authority and\n                                                             tion of 54 employees, or 25 percent of our April 2002\nresponsibility to lower levels within the organization.\n                                                             staff level. We also closed our San Francisco office dur-\nAs part of overall savings, the Corporation\xe2\x80\x99s approved\n                                                             ing the reporting period. We understand the need to\nfield management restructuring plan is estimated to\n                                                             effectively manage the corresponding changes in our\nsave $23.5 million over 5 years. As of September 30,\n                                                             organization and processes. We also recognize the\n2002 its 2002 buyout/retirement incentive program had\n                                                             impact of organizational upheaval on the individuals\nachieved a reduction of 699 staff and $80 million pro-\n                                                             comprising our current workforce. Mindful of this,\njected savings in future operating costs. Additional\n                                                             during the reporting period we issued the final version\nstaff departures are anticipated in 2003. Looking\n                                                             of our Human Capital Strategic Plan. I fully support\nahead, the Corporation anticipates a staffing level of\n                                                             this plan. It incorporates input received from OIG staff,\napproximately 5,380 by December 31, 2006. Current\n                                                             the GAO, and another OIG. Workforce analysis; com-\nstaff totals 5,500. In light of so many fundamental\n                                                             petency investments; leadership development; and a\nchanges, each with ramifications to thousands of FDIC\n                                                             results-oriented, high-performance culture are at its\nemployees and the work they carry out in pursuit of\n                                                             core. We are currently developing a technical knowl-\nthe FDIC mission, some key questions must be asked.\n                                                             edge inventory tool and will be working to develop key\n                                                             competencies for our occupational series to align our\nIs the Corporation placing sufficient emphasis on\n                                                             recruiting, training, and professional development\nhuman capital concerns? Is it developing an integrated\n                                                             efforts with the OIG mission.\nhuman capital framework that evidences leadership\ncommitment to human capital management; strategic\n                                                             Turning now to the issue of Information Security.\nhuman capital planning; acquiring, developing, and\n                                                             Information, much of which is sensitive, is a critical\nretaining talent; and a results-oriented organizational\n                                                             corporate resource that must be protected. Information\nculture\xe2\x80\x94all cornerstones of human capital management\n                                                             and analysis on banking, financial services, and the\naccording to the U.S. General Accounting Office (GAO)?\n\n\n\n\n 2                                                                                                            1\n\x0ceconomy form the basis for the development of public        operations. In keeping with the security program\npolicies and promote public understanding of and con-       being implemented throughout the Corporation, we\nfidence in the nation\xe2\x80\x99s financial system. Sound infor-      named an information security officer, formed an advi-\nmation resources management is essential to the suc-        sory committee with representatives from each OIG\ncessful accomplishment of the FDIC\xe2\x80\x99s mission, goals,        component, published \xe2\x80\x9ce-security tips\xe2\x80\x9d for OIG staff,\nand objectives. Based on our work this year related to      drafted new security-related policies, and identified\nthe Government Information Security Reform Act              priority information security areas for future focus. We\n(GISRA), we concluded that the Corporation had estab-       will continue to devote attention to these issues inter-\nlished and implemented management controls that             nally and will also work closely with the Corporation\nprovided limited assurance of adequate security over        to further its efforts to implement a comprehensive\nits information resources.                                  information security program that provides reasonable\n                                                            assurance of adequate security for its information\nThe FDIC had made progress in addressing a number           resources.\nof security problems identified in our 2001 report. For\nexample, it enhanced its risk management program,           And finally, I am again compelled to address an unre-\ndeveloped a security awareness program, improved            solved matter related to the FDIC\xe2\x80\x99s organizational lead-\nsecurity controls in the mainframe environment, and         ership. In past semiannual report statements I have\nstrengthened its disaster recovery and business conti-      voiced concern that the Corporation has been operat-\nnuity planning and incident response tracking and           ing with key vacancies on its Board of Directors, a con-\nreporting. However, we concluded that in 3 of 10 key        dition that I believe is to the Board\xe2\x80\x99s detriment and that\nmanagement control areas evaluated, (Contractor             fails to ensure the independence of the FDIC. First, the\nSecurity, Capital Planning and Investment Control, and      position of Vice Chairman has been vacant since\nPerformance Measurement), the FDIC had no assur-            January 2001. On October 3, 2002, the Senate Banking\nance that adequate security had been achieved. In a         Committee held confirmation hearings regarding the\nfourth area\xe2\x80\x94Security Act Responsibilities and               nomination of Director John Reich to be Vice\nAuthorities\xe2\x80\x94we highlighted opportunities for the FDIC       Chairman of the FDIC. As of the date of this statement,\nto strengthen the accountability and authority of one of    he had not yet been confirmed.*\nits most important leadership positions related to infor-\nmation security\xe2\x80\x94the Chief Information Officer (CIO).        Second, I am concerned not only that Director Reich is\nWe provided Chairman Powell a list of 10 actions in         awaiting confirmation as Vice Chairman, but also that\npriority order to address the concerns we identified in     a vacancy exists on the Board because one of the three\nour review. Chief among those, we advocated appoint-        FDIC Director positions has remained unfilled since\ning a permanent CIO, ensuring that the CIO reports          September 1998. While several names have been sent\ndirectly and solely to the Chairman, and filling key        forward for consideration, no definitive action has\nvacancies in the Division of Information Resources          taken place to select a third FDIC Board Member.\nManagement that support information security initia-        Given the make-up of the five-member Board, com-\ntives and operations.                                       prised of the Chairman of the FDIC, two FDIC\n                                                            Directors, the Comptroller of the Currency, and the\nFor its part, as referenced later in our semiannual         Director of the Office of Thrift Supervision, the OIG\xe2\x80\x99s\nreport, during the reporting period, in addition to our     position is that the balance between various interests\nGISRA-related work, the OIG participated in a number        implicit in the Board\xe2\x80\x99s structure is preserved only\nof meetings and exchanges governmentwide to tackle          when all Board positions are filled. Thus, I reiterate my\ninformation security issues. The OIG has also focused       position that it is critical\xe2\x80\x94especially at this juncture in\nattention on information security matters in its internal   the FDIC\xe2\x80\x99s history, that a full Board be in place to pro-\n                                                            *Following Senate confirmation on November 12, 2002, President George W. Bush\n                                                            appointed Director Reich Vice Chairman of the FDIC on November 15.\n\n\n 2                                                                                                                                 3\n\x0cvide the Corporation the strong, sustained leadership    has appointed new senior leadership since our last\nneeded to meet the Corporation\xe2\x80\x99s many challenges.        semiannual report. Patricia Black, former Counsel to\n                                                         the Inspector General is now Deputy Inspector\nThe FDIC Chairman himself has recently offered a         General, and Fred Gibson, who has been serving as\ndaunting challenge to the entire regulatory community,   Acting Counsel, was recently named Counsel to the\na challenge that will likely warrant FDIC Board atten-   Inspector General. Pat and Fred are eminently quali-\ntion and input. Speaking recently about the future of    fied to assume these new responsibilities. I am count-\nregulatory agencies, the Chairman noted:                 ing on their assistance and sound legal advice and\n                                                         counsel as I continue to lead our organization and\n \xe2\x80\x9cWe\xe2\x80\x99ve seen amazing dynamism and innovation             serve the FDIC at this critical time in its history.\n in banking over the last 20 years. Yet we keep\n in place a regulatory system rooted in an era\n\n\n\n\n                                                         \xe2\x98\x85\n that is truly gone with the wind\xe2\x80\xa6Despite the\n convergence, efficiencies, and economies of scale\n achieved by the industry, the regulatory commu-         Gaston L. Gianni, Jr.\n nity is still mired in a confusing web of compet-       Inspector General\n ing jurisdictions, overlapping responsibilities,        October 31, 2002\n and cumbersome procedures. I know we can do\n better.\xe2\x80\x9d\n\n\n\n\n                                                                        \xe2\x98\x85\nThe Chairman\xe2\x80\x99s proposed overhaul of financial\nservices regulation would put in place three federal\nregulators. These entities would oversee the banking\nindustry, the securities industry, and those companies\nthat choose an optional federal insurance charter. In\nline with his proposed revamping of the regulatory\nagencies, the Chairman announced that the FDIC\nwould be conducting a major study over the next year\non the future of banking in America. He has invited a\nnumber of parties to join the FDIC in developing a\nnew and better structure for a new financial age. The\nFDIC Board could have a significant role to play in\nthe debate that the Chairman has launched. Only\nwith a full complement of Members can the Board\nprovide maximum input to that debate and fully carry\nout its corporate governance responsibilities.\n\nOf additional note with respect to the FDIC\xe2\x80\x99s leader-\nship, the Corporation named Steven O. App as its new\nChief Financial Officer during the reporting period.\nMr. App formerly served as the Deputy Chief Financial\nOfficer at the Department of the Treasury. The OIG\nlooks forward to continuing to work with him to\naddress issues of mutual interest. Similarly, the OIG\n\n\n\n\n 4\n\x0cTa b l e o f Co n t e n t s\n           Inspector General\xe2\x80\x99s Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2\n           Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7\n           Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9\n           Major Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11\n           Investigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33\n           OIG Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45\n           Reporting Terms and Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54\n           Appendix I: Statistical Information Required by the Inspector\n\n\n\n\n+\n                               General Act of 1978, as amended . . . . . . . . . . . . . . . . . . . . . . . . . . . .56\n           Abbreviations and Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64\n\n\n           Tables\n           Table 1: Significant OIG Achievements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50\n           Table 2: Nonmonetary Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50\n\n\n           Figures\n           Figure 1: Products Issued and Investigations Closed . . . . . . . . . . . . . . . . . . . . . .53\n           Figure 2: Questioned Costs/Funds Put to Better Use . . . . . . . . . . . . . . . . . . . . . .53\n           Figure 3: Fines, Restitution, and Monetary Recoveries\n                           Resulting from OIG Investigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53\n\n\n\n\n                                                                                                                                   5\n\x0c                                                                                   \xe2\x98\x85\n                                                                                                         \xe2\x98\x85\xe2\x98\x85\nOverview\nMajor Issues                                                the Savings Association Insurance Fund, an action that\nThis section of our report focuses on key challenges        the OIG supports.\nconfronting the FDIC as it works to accomplish its\n                                                            Turning attention to the Corporation\xe2\x80\x99s more \xe2\x80\x9copera-\nmission. In the OIG\xe2\x80\x99s view, these major issues fall into\n                                                            tional\xe2\x80\x9d demands, the use of IT at the FDIC is crosscut-\ntwo broad categories. First, the Corporation faces chal-\n                                                            ting and absolutely essential to the Corporation\xe2\x80\x99s\nlenges related to its core mission of contributing to the\n                                                            accomplishment of its mission. IT must be effectively\nstability and public confidence in the nation\xe2\x80\x99s financial\n                                                            and efficiently used to achieve program results corpo-\nsystem by insuring deposits, examining and supervis-\n                                                            rate-wide. The Corporation must also continue to\ning financial institutions, and managing receiverships.\n                                                            develop an enterprise architecture process to manage\nSuch challenges sometimes involve significant policy\n                                                            technology, applications, and technical infrastructure\ndecisions and are often influenced by external factors\n                                                            for the Corporation. It also needs to follow sound sys-\nsuch as industry events, economic trends, activities of\n                                                            tem development procedures and comply with IT prin-\nother federal banking regulators, consumer concerns,\n                                                            ciples espoused by legislation and regulation. A criti-\nand congressional interest.\n                                                            cal priority is ensuring that effective controls are in\nSecond, a number of important operational matters           place and implemented to ensure information system\nrequire the Corporation\xe2\x80\x99s attention as its workforce        security, mitigate risks, and protect IT resources.\nactually carries out the corporate mission. These           Given the extent of the FDIC\xe2\x80\x99s contracting activities,\nissues touch on, for example, information technology        strong controls and vigilant contractor oversight are\n(IT) resources and security, contracting activities,        also critical to the Corporation's success. Contracting\nhuman capital concerns, cost efficiencies, performance      must be done in a fair and cost-effective manner. The\nmeasurement and accountability, and physical security.      Corporation\xe2\x80\x99s contract oversight mechanisms must\n                                                            protect the FDIC\xe2\x80\x99s financial interests and help ensure\nIn our prior semiannual report, we identified a new         that the FDIC is actually receiving the goods and serv-\nemerging issue\xe2\x80\x94that of the Quality of Bank Financial        ices for which it is spending millions of dollars.\nReporting and Auditing. This emerging risk potentially\naffects the FDIC in its role as regulator, receiver, and    Major downsizing over the past years has impacted the\ninsurer. We update the OIG\xe2\x80\x99s and the Corporation\xe2\x80\x99s          FDIC workplace, and during the reporting period more\nefforts to address this issue in this semiannual report.    occurred. In addition to losing staff, the Corporation\n                                                            has merged groups and streamlined its organizational\nWith respect to the major issues relating to the            structure. As a result of these activities, the\nCorporation\xe2\x80\x99s core mission, the FDIC must address           Corporation has lost leadership and, in some cases,\nrisks to the insurance funds in a complex global bank-      expertise and historical knowledge. The Corporation is\ning environment that continues to experience change         taking steps to compensate for these resource losses\nand offer expanded services. At the same time, the          and must build on ongoing initiatives to develop a\nCorporation is charged with effectively supervising         comprehensive, integrated approach to human capital\nfinancial institutions and carefully protecting con-        issues. It has established a Human Resources\nsumers\xe2\x80\x99 rights. A Board of Directors operating at full      Committee and must continue to focus attention on\nstrength is essential to lead the Corporation as it faces   human capital concerns in light of such significant\nsuch challenges. Without a full Board, the Corporation\xe2\x80\x99s    recent organizational change and additional resource\nindependence cannot be guaranteed. As the Corporation       challenges to come.\nmoves forward, deposit insurance reforms will continue\nto be debated and deliberated by the banking industry\nand the Congress. One aspect of such reform involves\nthe possible merger of the Bank Insurance Fund and\n\n\n\n\n                                                                                                            7\n\x0cIn light of changes in the banking industry, advances in        card fraud, and misrepresentations regarding FDIC\ntechnology, and such dramatic shifts in staffing and skill      insurance. Our report also highlights efforts of OIG\nlevels, the Corporation has been closely scrutinizing its       agents who received the Attorney General\xe2\x80\x99s Award for\nbusiness processes and their associated costs in the inter-     Distinguished Service. Some of the investigations\nest of identifying operational efficiencies. Among other        described reflect work we have undertaken in partner-\nactivities, its Supervision Process Redesign, New Financial     ship with other law enforcement agencies and with the\nEnvironment, focus on e-business, and plans to relocate         cooperation and assistance of a number of FDIC divi-\nmany D.C.-based staff to Virginia Square in the future have     sions and offices. To ensure continued success, the\ngenerated ideas for such efficiencies and are positive steps.   OIG will continue to work collaboratively with FDIC\n                                                                management, U.S. Attorneys\xe2\x80\x99 Offices, the Federal\nUnder the provisions of the Government Performance              Bureau of Investigation, and a number of other law\nand Results Act with its emphasis on accountability,            enforcement agencies (see pages 33-44).\nthe Corporation establishes goals, measures perform-\nance, and reports on its accomplishments for all of             OIG Organization\nthese major issues and their corresponding challenges.\n                                                                The OIG Organization section of our report highlights\nWith respect to a more recent concern, largely as a             several key internal initiatives that we have actively\nresult of the events of September 11, 2001, one year ago        pursued during the reporting period. The OIG\xe2\x80\x99s inter-\nwe added the major issue of Ensuring Security of the            nal focus has been on realigning resources in light of\nFDIC\xe2\x80\x99s Physical and Human Resources to our list of              significant downsizing of staff and planning for the\nmanagement challenges. Our report discusses actions             challenges of the future. Our Human Capital Strategic\nthat the Corporation as taken to address these areas.           Plan is an important driver of that activity. This section\n                                                                of our report also references some of the cooperative\nOur Major Issues section discusses the OIG\xe2\x80\x99s complet-           efforts we have engaged in with management during\ned and ongoing/planned work to help the Corporation             the reporting period. These include making presenta-\nsuccessfully confront these major issues and their              tions at corporate conferences and meetings and pro-\nassociated challenges. We discuss areas where we                viding technical assistance to corporate management\nidentified opportunities for improvements and the rec-          in determining whether FDIC policies ensure that\nommendations we made in those areas. We identified              accounting and auditing contractors comply with the\npotential monetary benefits of $2.1 million and made            U.S. General Accounting Office\xe2\x80\x99s new independence\n73 nonmonetary recommendations during the report-               standards. We note the proposed or existing laws and\ning period. Our work targets all aspects of corporate           regulations reviewed during the past 6 months, refer to\noperations and includes a number of proactive                   litigation and other efforts of OIG Counsel, and also\napproaches and cooperative efforts with management              capture some of our other internal initiatives this\nto add value to the FDIC (see pages 11-32).                     reporting period. In keeping with our goal of measur-\n                                                                ing and monitoring our progress, we visually depict\nInvestigations\n                                                                significant results over the past five reporting periods\nThe operations and activities of the OIG\xe2\x80\x99s Office of            (see pages 45-53).\nInvestigations are described beginning on page 33 of\nthis report. As detailed in the Investigations section,\n                                                                Appendixes\nthe Office of Investigations is reporting fines, restitu-       We list the Inspector General Act reporting require-\ntion, and recoveries totaling approximately $820 mil-           ments and define some key terms in this section. The\nlion. Cases leading to those results include investiga-         appendixes also contain much of the statistical data\ntions of bank fraud, theft of government funds, credit          required under the Act (see pages 56-63).\n\n\n\n\n 8\n\x0c                                                                                   \xe2\x98\x85\n                                                                                                         \xe2\x98\x85\xe2\x98\x85\nHighlights\n\xe2\x98\x85 The Office of Audits issues 22 reports containing         the U.S. General Accounting Office (GAO) and Office\n  total questioned costs of $556,535 and a memoran-         of Management and Budget.\n  dum identifying funds put to better use of $1.6 mil-\n  lion.                                                   \xe2\x98\x85 The OIG issues its Government Information Security\n                                                            Reform Act report, concluding that the Corporation\n\xe2\x98\x85 OIG reports include 73 nonmonetary recommenda-            had established and implemented management con-\n  tions to improve corporate operations and activities.     trols that provided limited assurance of adequate\n  Among these are recommendations to strengthen             security over its information resources. While\n  security over FDIC information systems, improve the       progress had been made in addressing previously\n  effectiveness of the offsite review program, develop      identified weaknesses, in 3 of 10 key management\n  additional policy for and better capture and track        control areas evaluated (Contractor and Outside\n  Gramm-Leach-Bliley Act-related activities, and            Agency Security, Capital Planning and Investment\n  enhance the asset valuation review process.               Control, and Performance Measurement), the FDIC\n                                                            had no assurance that adequate security had been\n\xe2\x98\x85 OIG investigations result in 14 indictments/informa-      achieved. Our report also highlighted opportunities\n  tions; 17 convictions; and approximately $820 mil-        for the Corporation to strengthen the accountability\n  lion in total fines, restitution, and other monetary      and authority of its Chief Information Officer posi-\n  recoveries. Approximately $819 million of that            tion.\n  amount represents court-ordered restitution and is\n  not an amount that has been collected.                  \xe2\x98\x85 The OIG and GAO continue their joint effort to audit\n                                                            the Corporation's financial statements. The OIG and\n\xe2\x98\x85 The OIG\xe2\x80\x99s participation in the FDIC\xe2\x80\x99s early retire-       GAO agree that the OIG will commit three staff\n  ment and buyout program and other attrition will          members to perform the receivables from bank/thrift\n  result in the separation of 54 employees. All OIG         resolutions and receivership receipts audit work.\n  components adjust to reductions through staff reor-       One staff member will assist with information sys-\n  ganizations and modifications in operational              tems testing. The OIG is developing a multi-year\n  processes.                                                strategy for performance of the information systems\n                                                            audit requirements starting in 2003.\n\xe2\x98\x85 Office of Audits reorganizes around five operational\n  directorates: Resolution, Receivership, and Legal       \xe2\x98\x85 OIG counsel litigates 11 matters during the reporting\n  Affairs; Insurance, Supervision, and Consumer             period and provides advice and counsel on a num-\n  Affairs; Information Assurance; and Resource              ber of issues.\n  Management. A fifth directorate, Corporate\n  Evaluations, performs corporate-wide and other          \xe2\x98\x85 The OIG reviews and comments on one proposed\n  evaluations.                                              federal regulation and 22 proposed FDIC policies\n                                                            and directives and responds to 13 requests under the\n\xe2\x98\x85 The OIG issues its Human Capital Strategic Plan for       Freedom of Information Act and Privacy Act.\n  2002-2006 outlining four objectives relating to work-\n  force analysis; competency investments; leadership      \xe2\x98\x85 The OIG coordinates with and assists management\n  development; and a result-oriented, high-perform-         on a number of initiatives, including a joint project\n  ance culture.                                             with the Office of Internal Control Management and\n                                                            the Division of Administration to ensure that\n\xe2\x98\x85 The OIG focuses audit and evaluation work on infor-       accounting and auditing contractors comply with\n  mation security matters through such projects as          GAO's new independence standards, coordination\n  issuance of the 2002 Government Information               with the Division of Supervision and Consumer\n  Security Reform Act evaluation report, presentations      Protection (DSC) on its Process Redesign II project,\n  at governmentwide meetings, and coordination with\n\n\n\n                                                                                                          9\n\x0c  and Office of Investigations and Office of Audits      \xe2\x98\x85 The OIG completes its annual review of the FDIC\xe2\x80\x99s\n\n\n\n\n                                                                              \xe2\x98\x85\n  executives\xe2\x80\x99 participation at the DSC Field Office        Internal Control and Risk Management Program,\n  Supervisor meetings.                                     concluding that the program complied with policy\n                                                           and was consistent with the Federal Managers\xe2\x80\x99\n\xe2\x98\x85 The OIG accomplishes a number of internal office         Financial Integrity Act provisions.\n  initiatives, including completion of a comprehensive\n  plan for downsizing and restructuring, issuance of     \xe2\x98\x85 The OIG issues the results of its evaluations of the\n  Office of Audits\xe2\x80\x99 Fiscal Year 2003 Assignment Plan,      adequacy of the physical security of FDIC facilities in\n  establishment of an information security program,        headquarters and other selected sites.\n  and outreach activity to various banking organiza-\n\n\n\n\n \xe2\x98\x85\n  tions on OIG operations.                               \xe2\x98\x85 As Vice Chair of the President\xe2\x80\x99s Council on Integrity\n                                                           and Efficiency, the Inspector General leads the\n\xe2\x98\x85 Four OIG Special Agents are among an 11-member           Inspector General community\xe2\x80\x99s activities designed to\n  team that receives the Attorney General\xe2\x80\x99s Award for      facilitate agency efforts related to the President\xe2\x80\x99s\n  Distinguished Service for their exemplary work in        Management Agenda. These include work in the\n  the investigations and prosecutions relating to the      financial management, government performance,\n  failure of Keystone Bank, Keystone, West Virginia.       information technology, and human capital arenas.\n\n\n\n\n\xe2\x98\x85\n10\n\x0c                                                                                    \xe2\x98\x85\n                                                                                                          \xe2\x98\x85\xe2\x98\x85\nMajor Issues\n                                                              The FDIC and the banking industry are experiencing\n        Major Issues at the FDIC                              significant and rapid change. We believe a number of\n                                                              issues associated with these challenges are deserving\nIn the interest of improving federal performance govern-      of special attention at this time.\nment-wide, the Senate Governmental Affairs Committee\nhas asked Offices of Inspector General to identify the most   Organizational Leadership\nsignificant management challenges facing their agencies.      Strong leadership has always been vital to the success\nAt the FDIC, our office has identified and previously         of the banking and financial services industry. The\nreported these challenges or major issues as follows:         FDIC Board is comprised of five directors, including\n                                                              the FDIC Chairman, two other FDIC directors, the\n\xe2\x80\xa2   Organizational Leadership                                 Comptroller of the Currency, and the Director of the\n\xe2\x80\xa2   Addressing Risks to the Insurance Funds                   Office of Thrift Supervision. All are presidential\n\xe2\x80\xa2   Supervising Insured Institutions                          appointees. At the FDIC, during the 1990s, one or\n                                                              more presidentially appointed positions on the Board\n\xe2\x80\xa2   Protecting Consumer Interests\n                                                              of Directors frequently were vacant.\n\xe2\x80\xa2   Deposit Insurance Reform\n\xe2\x80\xa2   Managing Information Technology                           Additionally, the Board position of Vice Chairman has\n\xe2\x80\xa2   Ensuring Sound Controls and Oversight of                  been unfilled since January 2001. John Reich, cur-\n    Contracting Activities                                    rently a Director on the Board, has been nominated to\n\xe2\x80\xa2   Establishing Goals and Measuring Results                  serve as Vice Chairman, and his confirmation hearing\n\xe2\x80\xa2   Addressing Human Capital Issues                           occurred on October 3, 2002. Notwithstanding his\n\xe2\x80\xa2   Containing Costs and Assessing Business                   potential confirmation, a Board vacancy still exists.\n    Processes                                                 The Board has operated with an FDIC Director\n\xe2\x80\xa2   Ensuring Security of Physical and Human                   vacancy since September 1998.\n    Resources                                                 The FDIC is the independent regulator of a significant\n                                                              portion of the nation\xe2\x80\x99s banking system as well as the\nIn our previous semiannual report, we discussed a new\n                                                              only federal insurer of deposits wherever they are\nissue that has potential impact on the FDIC in its role as\n                                                              placed in our nation\xe2\x80\x99s banks. As a corporation\nregulator, insurer, and receiver: the Quality of Bank\n                                                              governed by its Board of Directors, the vital balance\nFinancial Reporting and Auditing. We update progress in\n                                                              between various interests implicit in the Board\xe2\x80\x99s struc-\nthis area in this semiannual report. The Corporation has a\n                                                              ture is preserved only when all vacancies are filled.\nnumber of ongoing programs and initiatives in place to\n                                                              Accordingly, we have strongly urged that vacancies on\naddress all of these challenges, and we continue to work\n                                                              the FDIC's Board be filled as promptly as practicable in\nin partnership with the Corporation on these major issues.\n                                                              order to afford the FDIC the balanced governance and\n                                                              sustained leadership essential to the agency's contin-\nConsistent with the concept of the Reports Consolidation\n                                                              ued success.\nAct, the Corporation will be consolidating financial and\nperformance reports for 2002 reporting.                       We cite organizational leadership as a major issue fac-\n                                                              ing the Corporation based on our belief that to handle\nThe OIG will be updating its major issues and will provide    the challenges and issues facing the Corporation, par-\ninput on the most serious management and performance          ticularly in a regulatory environment that may change\nchallenges facing the Corporation for consideration in the    dramatically in the future, a Board of Directors operat-\nFDIC's 2002 reporting.                                        ing at full strength must be in place.\n\n\n\n\n                                                                                                              11\n\x0cAddressing Risks to the\n                                                                  Focus on Bank Insurance Fund\nInsurance Funds\nA primary goal of the FDIC under its insurance pro-\n                                                                    Designated Reserve Ratio\ngram is to ensure that its deposit insurance funds              The Federal Deposit Insurance Act, Section 7(b),\nremain viable. Achieving this goal is a considerable\n                                                                Assessments, requires the FDIC Board of Directors to\nchallenge, given that the FDIC supervises only a por-\n                                                                set semiannual assessments for insured depository\ntion of the insured depository institutions. The identifi-\ncation of risks to non-FDIC supervised institutions             institutions if the required reserve ratio of the insur-\nrequires coordination with the other federal banking            ance fund balance to estimated insured deposits falls\nagencies. The FDIC engages in an ongoing process of             below 1.25 percent.\nproactively identifying risks to the deposit insurance\nfunds and adjusting the risk-based deposit insurance            As of March 31, 2002, the Bank Insurance Fund (BIF)\npremiums charged to the institutions. The Division of           reserve ratio was at 1.23 percent, the first time it had\nFinance completes the final phase of this ongoing               fallen below 1.25 percent since 1995. By June 30,\nprocess by collecting the premium assessments.                  2002, the BIF reserve ratio was at 1.26 percent, slight-\n                                                                ly above the statutorily mandated designated reserve\nAlthough the FDIC has a continuous program to                   ratio for the deposit insurance funds. If the BIF ratio\nensure the viability of the deposit insurance funds,            is below 1.25 percent, the FDIC Board of Directors\nrecent trends and events continue to pose additional\n                                                                must charge premiums to banks that are sufficient to\nrisks to the funds. The economic landscape changed\n                                                                restore the ratio to the designated reserve ratio within\ndramatically following the events of September 11,\n2001, and the potential exists for an increased number          1 year.\nof bank failures. Additionally, the environment in\n                                                                Mindful of this significant issue, the OIG will be con-\nwhich financial institutions operate is evolving rapidly,\nparticularly with the acceleration of interstate banking;\n                                                                ducting related work during the upcoming months.\nnew banking products and asset structures; electronic\nbanking; and consolidations that may occur among the\nbanking, insurance, and securities industries resulting       OIG Completes Superior Bank-Related Reviews\nfrom the Gramm-Leach-Bliley Act (GLBA).                       In our previous semiannual report, we reported on a\n                                                              series of reviews that we had conducted based on a\nBank mergers have created \xe2\x80\x9cmegabanks,\xe2\x80\x9d or \xe2\x80\x9clarge              congressional request from Senator Paul Sarbanes,\nbanks\xe2\x80\x9d (defined as institutions with assets of over           Chairman of the Senate Committee on Banking,\n$25 billion), and, for many of these institutions, the        Housing, and Urban Affairs, related to the failure of\nFDIC is not the primary federal regulator. As of              Superior Bank, FSB, Hinsdale, Illinois.\nMarch 31, 2001, there were 38 megabanks in the coun-\ntry. Of the $5.3 trillion consolidated assets controlled by   Upon the failure of Superior Bank, the Office of Thrift\nthe 38 megabanks, the FDIC was the primary regulator          Supervision closed the institution on July 27, 2001. At\nfor only $162.5 billion in 3 institutions. The megabanks      the time of closure, Superior had total assets of $2.2 bil-\ncreated as a result of mergers and the new or expanded        lion and total deposits of $1.6 billion. The FDIC was\nservices that the institutions can engage in under GLBA       named conservator and transferred the insured\nare presenting challenges to the FDIC. The failure of a       deposits and substantially all of the assets of Superior\nmegabank, for example, along with the potential closing       to Superior Federal, FSB (New Superior), a newly char-\nof closely affiliated smaller institutions, could result in   tered, full-service mutual savings bank. The failure of\nhuge losses to the deposit insurance funds.                   Superior was one of the costliest of all recent failures.\n                                                              The FDIC\xe2\x80\x99s most recent loss estimate is $440 million.\nDuring the reporting period, the Corporation selected\ndesignated onsite examiners to enhance the FDIC\xe2\x80\x99s\nrisk monitoring of the eight largest insured institutions.\n\n\n\n\n12\n\x0cDuring the reporting period, we completed the last of our      GLBA activities with other regulatory agencies;\nseries of audits related to the Superior Bank failure\xe2\x80\x94an       (2) DOS procedures had been updated to address the\naudit of the Division of Resolutions and Receiverships\xe2\x80\x99        restrictions and safeguards in GLBA; and (3) DOS was\n(DRR) marketing efforts for the deposit liabilities, assets,   identifying banks that are directly or indirectly\nand principal product groups of New Superior.                  engaged in GLBA activities. We concluded that DOS\n                                                               had established coordination arrangements with other\nWe determined that DRR effectively marketed                    regulatory agencies but needed an updated agreement\nSuperior\xe2\x80\x99s deposit liabilities and assets to maximize the      for information sharing with the Securities and\nreturn to the conservatorship. The FDIC, as the receiv-        Exchange Commission (SEC). DOS had also updated\ner, transferred deposit liabilities totaling $1.5 billion      or created related policies and procedures to address\nand assets totaling $2 billion to New Superior. We             most of the GLBA provisions covered in our review\nreviewed the sale of the deposit liabilities and approxi-      although some additional guidance was needed in the\nmately 65 percent of the assets. DRR awarded the               area of related organizations. Also, while the FDIC\nsales to the highest bidders in all sales we reviewed,         had access to Federal Reserve System data on financial\nexcept for one security sale. We were unable to deter-         holding companies, DOS information systems did not\nmine whether DRR selected the highest bidder for the           identify banks that were directly or indirectly engaged\none security sale, because of insufficiencies in the sale      in GLBA-affected activities.\nfile documentation.\n                                                               We made four recommendations to DSC related to\nOIG Reviews the FDIC\xe2\x80\x99s Implementation                          developing information-sharing procedures in con-\nof GLBA Provisions                                             junction with the FDIC Legal Division and the SEC,\nSigned into law on November 12, 1999, GLBA reverses            expediting policy revisions, and enhancing information\nmany of the barriers between banking and commerce              systems and databases to better capture and track\nerected by the Glass-Steagall Act of 1933 and is the           GLBA-related activity. DSC is taking action to address\nmost extensive reform of financial services regulation         all recommendations.\nin over 60 years. GLBA also affects how various bank\nand affiliate activities are regulated and examined.           Supervising Insured Institutions\nGLBA eliminates many federal and state barriers to             The FDIC shares supervisory and regulatory responsi-\naffiliations among banks and securities firms, insur-          bility for approximately 9,480 banks and savings insti-\nance companies, and other financial services                   tutions with other regulatory agencies including the\nproviders. Financial organizations are provided flexi-         Board of Governors of the Federal Reserve System, the\nbility in structuring these new financial affiliations         Office of the Comptroller of the Currency, the Office of\nthrough a holding company structure or a financial             Thrift Supervision, and state authorities. The FDIC is\nsubsidiary. The Federal Reserve System remains the             the primary federal regulator for 5,417 federally\n\xe2\x80\x9cumbrella\xe2\x80\x9d supervisor for holding companies, but               insured state-chartered commercial banks that are not\nGLBA also incorporates \xe2\x80\x9cfunctional regulation\xe2\x80\x9d to use          members of the Federal Reserve System, which\nthe strengths of the various federal and state financial       includes state non-member banks, including state-\nsupervisors. Increased affiliation between state non-          licensed branches of foreign banks and state-chartered\nmember banks and other financial services providers            mutual savings banks. The challenge to the\nengaged in expanded activities\xe2\x80\x94in a new functional             Corporation is to ensure that its system of supervisory\nregulation environment\xe2\x80\x94poses risks to the FDIC and             controls will identify and effectively address financial\nthe Bank Insurance Fund.                                       institution activities that are unsafe, unsound, illegal,\nWe conducted an audit that focused on three of the             or improper before the activities become a drain on the\nGLBA's seven titles to determine whether: (1) the              insurance funds.\nDivision of Supervision (DOS), now known as the\nDivision of Supervision and Consumer Protection\n(DSC), had established coordination arrangements for\n\n\n\n\n                                                                                                               13\n\x0cEmerging trends and new developments in the bank-\ning industry require the DSC to identify and assess            Joint Evaluation of the Federal\nrisks from such activities as:\n                                                                   Financial Institutions\n \xe2\x80\xa2 subprime lending;                                                Examination Council\n \xe2\x80\xa2 declining underwriting standards for commercial           We collaborated with the Offices of Inspector General\n   real estate lending;                                      of the Department of the Treasury and the Board of\n \xe2\x80\xa2 rapid changes in bank operations between safety           Governors of the Federal Reserve System (FRB) to\n   and soundness examinations;                               conduct a review of the Federal Financial Institutions\n                                                             Examination Council (FFIEC). The FFIEC is a formal\n \xe2\x80\xa2 the growth of information technology and its              interagency body empowered to prescribe uniform\n   increasing impact on payment systems and other            principles, standards, and report forms for the federal\n   traditional banking functions;                            examination of financial institutions by the FRB, FDIC,\n                                                             National Credit Union Administration, Office of the\n \xe2\x80\xa2 fraudulent activities, which have contributed             Comptroller of the Currently (OCC), and Office of Thrift\n   significantly to bank failures in recent years; and       Supervision (OTS) and to make recommendations to\n \xe2\x80\xa2 expanded banking activities permitted by                  promote uniformity in the supervision of financial\n   the GLBA.                                                 institutions.\n\nFurther, DSC may have to reevaluate the concepts of          We issued a report concluding that the FFIEC is\nrisk, capital, and asset valuation in light of ever devel-   accomplishing its legislative mission of prescribing\noping investment products and methods.                       uniform principles, standards, and report forms and\n                                                             is achieving coordination between the banking agen-\nThe FDIC has worked to increase the efficiency of the\n                                                             cies. Further, most officials stated that the FFIEC\xe2\x80\x99s\nbank examination process designed to identify and\nassess these risks. Its Process Redesign efforts are         role and mission were appropriate going forward and\nongoing. Additionally, the Corporation reported in its       should not be expanded because of the Gramm-\n3rd quarter Letter to Stakeholders that for the year-to-     Leach-Bliley Act. Notwithstanding, some officials\ndate, it had completed 485 expedited examinations of         indicated that the FFIEC could accomplish its mission\nwell-managed/well-capitalized banks under $250 mil-          more effectively. The Council has discussed a num-\nlion, resulting in a reduction of the average examina-       ber of measures to improve FFIEC effectiveness,\ntion time on these institutions of more than 20 percent.     including having the principals more actively involved\nWith the possibility of a serious economic downturn,         in FFIEC matters and developing annual goals, objec-\nand in light of the magnitude of FDIC corporate reor-\n                                                             tives, and work priorities for the task forces.\nganization and downsizing, DSC must continue to\nassess its size and the mix of expertise and skills in its   The FRB, OTS, OCC, and FDIC provided written com-\nworkforce to ensure sufficient capacity for addressing       ments on a draft of the report. The FRB, OCC, and\nincreased risks. Considering the lead-time for develop-\n                                                             FDIC responses concurred with the report\xe2\x80\x99s overall\ning new commissioned examiners, the FDIC needs to\nensure the examination workforce will be adequate for        conclusions. The OTS\xe2\x80\x99s response did not specifically\nhandling potential problems and bank failures.               comment on the overall conclusions but raised sever-\n                                                             al points that we clarified in the final report. A\nOIG Reviews Offsite Rating Tool                              detailed summary of the various agency comments is\nDuring 1998, the FDIC implemented a new offsite rat-         included in the final report.\ning tool, the Statistical CAMELS Offsite Rating (SCOR)\nreview, to more effectively and efficiently monitor risk\n\n\n\n\n14\n\x0cto the banking and thrift systems. SCOR uses quarterly                             The FDIC\xe2\x80\x99s Assessment of Corrective Action Work\nReports of Condition and Income (Call Reports)1 to                                 Performed by Third-Party Contractors\nidentify institutions that could potentially receive a                             One of the Corporation\xe2\x80\x99s annual performance goals for\ndowngrade in their CAMELS ratings at their next                                    2002 is that prompt supervisory actions are taken to\nsafety and soundness examination. To do this, SCOR                                 address problems identified in institutions identified as\nuses statistical techniques to estimate the relationship                           problem insured depository institutions and that the\nbetween Call Report data and the results of the latest                             Corporation monitor these institutions\xe2\x80\x99 compliance with\nexamination and estimates the probability of an institu-                           formal and informal enforcement actions. Corrective\ntion being downgraded at the next examination.                                     actions are agreements (informal) or legally enforceable\n                                                                                   orders (formal) that the FDIC may institute against a\nWe completed an audit to determine the effectiveness\nof SCOR as an early warning system and to assess\nactions taken by the DSC in response to early warning                                  Asset Valuation Review Process\nflags identified by SCOR. The audit was conducted\nnationwide and included a sample of banks from all                                       for Sinclair National Bank\nFDIC regional offices.\n                                                                                      We audited the FDIC\xe2\x80\x99s asset valuation review (AVR)\nWe concluded that the effectiveness of the SCOR                                       process for Sinclair National Bank, which failed on\nreview program in detecting potential deterioration in                                September 7, 2001. The Division of Resolutions and\nthe financial condition of insured depository institu-                                Receiverships\xe2\x80\x99 (DRR) AVR process resulted in a rea-\ntions, as presently implemented, was limited. SCOR                                    sonable estimate of the overall value for the assets\nhad not identified emerging supervisory concerns or\n                                                                                      of Sinclair. We found that 28 of the 68 individual\nprovided early warnings of potential deterioration at\nthe majority of financial institutions we reviewed.                                   Sinclair asset valuations that we tested contained\nFurther, case managers were placing limited reliance                                  significant misstatements, defined as valuation dis-\non SCOR as an early warning system.                                                   crepancies that exceeded or could have exceeded 10\n                                                                                      percent of the FDIC\xe2\x80\x99s final AVR price for the individ-\nOur report contained three recommendations intended                                   ual asset. However, the net dollar impact of these\nto improve the SCOR offsite review program. First, we                                 errors, when the revised valuations were incorporat-\nrecommended that DSC assess the usefulness of SCOR\n                                                                                      ed into the Standard Asset Value Estimation process,\nas an early warning system as it is currently being\n                                                                                      was less than 1 percent of the total AVR price of\nimplemented. If DSC determines that SCOR should\ncontinue as part of the offsite monitoring program, we                                $21.6 million for all the Sinclair assets.\nrecommended that DSC revise SCOR procedures to\n                                                                                      While the individual valuation discrepancies for the\nrequire that the DSC case manager analyses be per-\nformed within shorter timeframes than allowed by the                                  Sinclair resolution were not large in relation to the\ncurrent procedures. We also recommended that DSC                                      total AVR price for all assets, they stemmed from\ninstruct case managers to more often recommend                                        procedural weaknesses that could result in larger\nonsite activity or other interactions with the institution                            dollar losses on the disposition of individual assets\nas a follow-up action for those institutions flagged by                               in future resolutions. We also identified other weak-\nSCOR that also have previously identified management                                  nesses that could result in unnecessary costs to the\nweaknesses.                                                                           FDIC in future resolutions if not corrected.\nDSC concurred with each of the three recommenda-                                      Thus, while the process was generally effective, we\ntions and took corrective action in response.                                         recommended additional controls to help DRR main-\n                                                                                      tain the accuracy of the AVR process results and\n                                                                                      recover the highest value for failing institutions.\n                                                                                      DRR was responsive to all recommendations.\n1\n Call Reports are sworn statements of a bank\xe2\x80\x99s financial condition that are sub-\nmitted to supervisory agencies quarterly in accordance with federal regulatory\nrequirements. Call Reports consist of a balance sheet and income statement and\nprovide detailed analyses of balances and related activity.\n                                                                                                                                      15\n\x0cfinancial institution or individual respondent to correct      tions relating to the administrative, technical, and\nnoted safety and soundness or compliance deficiencies.         physical safeguards of consumer records and informa-\nDuring the reporting period we conducted an audit to           tion. The Federal Financial Institutions Examination\ndetermine whether work performed by third-party con-           Council has issued guidance summarizing procedures\ntractors for FDIC-supervised institutions met the require-     for examining compliance with the regulation. Our\nments of corrective actions instituted by the FDIC\xe2\x80\x99s DOS.\n                                                               audit work will address whether privacy examinations\nWe concluded that the FDIC accepted work performed by          are conducted in accordance with applicable GLBA\nthird parties as meeting the requirements of the correc-       provisions and corrective actions are taken in a timely\ntive actions instituted by the Corporation, and third-party    manner when banks do not comply.\nwork was completed within established timeframes.\nAlso, DOS reviewed the corrective actions to ensure their      Deposit Insurance Reform\ncompleteness in addressing the underlying safety and           In October 2001, Chairman Powell testified on deposit\nsoundness concerns. We made no recommendations in              insurance reform before the Subcommittee on\nthis report.                                                   Financial Institutions and Consumer Credit, Committee\n                                                               on Financial Services, U.S. House of Representatives.\nProtecting Consumer Interests                                  The Chairman recommended the merger of the Bank\nThe FDIC is legislatively mandated to enforce various          Insurance Fund (BIF) and the Savings Association\nstatutes and regulations regarding, for example, consumer      Insurance Fund (SAIF), charging risk based premiums\nprotection and civil rights with respect to state-chartered,   to all institutions, allowing insurance funds to build or\nnon-member banks and to encourage community invest-            shrink around a target or range, establishing assess-\nment initiatives by these institutions. Some of the more       ment credits based on past contributions, and indexing\nprominent laws and regulations in this area include the        insurance coverage and raising the insurance on\nTruth in Lending Act, Fair Credit Reporting Act, Real          retirement accounts.\nEstate Settlement Procedures Act, Fair Housing Act, Home\nMortgage Disclosure Act, Equal Credit Opportunity Act,         The FDIC views these recommendations as interrelat-\nand Community Reinvestment Act of 1977.                        ed and believes they should be implemented as a pack-\n                                                               age because piecemeal implementation could intro-\nThe Corporation accomplishes its mission related to            duce new distortions and aggravate the problems that\nfair lending and other consumer protection laws and            the recommendations are designed to address. During\nregulations primarily by conducting compliance exam-           the reporting period, on May 22, 2002, deposit insur-\ninations, taking enforcement actions to address unsafe         ance reform legislation, based on the FDIC\xe2\x80\x99s recom-\nor unsound banking practices and compliance viola-             mendations, passed the House of Representatives. The\ntions, encouraging public involvement in the compli-           Corporation also continued to pursue its case for com-\nance process, assisting financial institutions with fair       prehensive deposit insurance reform in speeches,\nlending and consumer protection compliance through             banker outreach sessions, and visits to other Members\neducation and guidance, and providing assistance to            of Congress.\nvarious parties within and outside of the FDIC. During\nthe reporting period the Corporation made progress             While conceptually the recommendations appear to the\nimplementing its adult financial education curriculum,         OIG to be sound, we have not done work related to all\n\xe2\x80\x9cMoney Smart,\xe2\x80\x9d nationwide.                                     of them. Based on work to date, the OIG strongly sup-\n                                                               ports merging the funds.\nIn the area of consumer protection, the OIG has\nplanned an audit of the implementation of GLBA priva-          Chairman Powell has noted the unanimity within the\ncy provisions. GLBA requires banking agencies to               banking community on this particular point. Today, as\nestablish appropriate standards for financial institu-         a result of bank mergers and acquisitions, many insti-\n\n\n\n\n16\n\x0ctutions hold both BIF- and SAIF-insured deposits,           \xe2\x80\xa2   Provide an IT Infrastructure that Works\nobscuring the difference between the funds. The                 Everywhere, All the Time.\nresulting merged fund would not only be stronger and\nbetter diversified but would also eliminate the concern     \xe2\x80\xa2   Improve the Efficiency and Effectiveness of IT\nabout a premium disparity between the BIF and the               Management.\nSAIF. Assessments in the merged fund would be based\non the risk that institutions pose to the single fund.     The plan is updated every year based on DIRM manage-\nThe prospect of different prices for identical deposit     ment planning conferences, client input, changes in the\ninsurance coverage would be eliminated. Also, insured      overall business planning process and priorities, and\ninstitutions would no longer have to track their BIF       new technology developments. Accomplishing IT goals\nand SAIF deposits separately, resulting in cost savings\nfor the industry.                                                         OIG Participates on\nWe will continue to monitor deposit insurance reform,                       EBISS Project\nas changes in this area will impact the way the FDIC\noperates and how our office can best support the FDIC           A member of the OIG\xe2\x80\x99s audit staff participated in a\nin pursuit of its mission.                                      group focusing on Network Vulnerability Scanning\n                                                                Tools (NVSTs) under the Executive Branch\nManaging Information Technology                                 Information Systems Security (EBISS) committee.\nAs the Corporation works to contribute to the stability         EBISS was established by the President\xe2\x80\x99s Critical\nand public confidence in our nation\xe2\x80\x99s financial system,         Infrastructure Protection Board. Our representative,\ninformation technology (IT) continues to play an                along with seven other government and industry\nincreasingly greater role in every aspect of the FDIC           representatives, completed a report and made the\nmission. As corporate employees carry out the FDIC\xe2\x80\x99s            following recommendations to the EBISS committee.\nprincipal business lines of insuring deposits, examining\nand supervising financial institutions, and managing            \xe2\x80\xa2 Mandate the use of NVSTs for all federal\nreceiverships, they rely on information and correspon-            agencies.\nding technology as a critical resource. Information and\nanalysis on banking, financial services, and the econo-         \xe2\x80\xa2 Establish a hybrid centralized/decentralized\nmy form the basis for the development of public poli-             approach: centralized procurement, decentral-\ncies and promote public understanding and confidence              ized execution, and centralized reporting.\nin the nation\xe2\x80\x99s financial system.\n                                                                \xe2\x80\xa2 Establish, formalize, and promulgate minimum\nIn early 1998, the Corporation\xe2\x80\x99s Division of Information          standards for NVST evaluation and usage (based\nResources Management (DIRM) and the other FDIC                    on the National Institute of Standards and\ndivisions laid out an IT strategy to address the next             Technology Special Publication 800-42, Draft\n3-5 years and articulated five IT strategic goals:                Guideline on Network Security Testing).\n\n \xe2\x80\xa2   Make Customer Satisfaction Our Primary Measure             \xe2\x80\xa2 Assign a central entity with the responsibility to\n     of Success.                                                  maintain a list of NVSTs that meet the minimum\n                                                                  standards described above.\n \xe2\x80\xa2   Improve Corporate Business Processes and\n     External Relationships Through the Use of                  This report is significant because the actions recom-\n     Technology.                                                mended would improve the security and reliability of\n                                                                the government\xe2\x80\x99s critical networks.\n \xe2\x80\xa2   Manage Information for the Corporation.\n\n\n\n\n                                                                                                                17\n\x0cefficiently and effectively requires significant expendi-    \xe2\x98\x85 E-Business. The FDIC is actively pursuing e-busi-\ntures of funds and wise decision-making and oversight          ness relationships both with the institutions it\non the part of FDIC management. The Corporation's              insures and with the vendor community that pro-\n2002 IT budget is approximately $192.5 million.                vides goods and services to the Corporation. It is\n                                                               making FDICconnect available to more than 9,000\nThe Corporation must constantly evaluate technologi-\n                                                               insured institutions. FDICconnect is an e-business\ncal advances to ensure that its operations continue to\n                                                               channel between the FDIC and its insured institu-\nbe efficient and cost-effective and that it is properly\n                                                               tions and allows for the direct exchange and sharing\npositioned to carry out its mission. The capabilities\n                                                               of information over the Internet.\nprovided by IT advances, such as paperless systems,\nelectronic commerce, electronic banking, and the             \xe2\x98\x85 Information security program improvements.\ninstantaneous and constant information-sharing                 The Corporation continues to develop and imple-\nthrough Internet, Intranet, and Extranet sources, also         ment an information security program to address\npose risks to the Corporation and the institutions that it     identified weaknesses. Several areas of focus are\nregulates and insures. Many of the risks are new and           enhancing security performance measurement and\nunique. Solutions to address them are sometimes diffi-         contractor and external security.\ncult and without precedent.\n                                                             \xe2\x98\x85 Enterprise Architecture. A new enterprise archi-\nIn addition to technological advances that assist the          tecture process will be introduced to manage tech-\nCorporation in its mission, the Corporation must con-          nology, applications, and technical infrastructure for\ntinue to respond to the impact of laws and regulations         the Corporation. The new enterprise architecture\non its operations. Management of IT resources and IT           process will be integral to corporate and IT planning\nsecurity have been the focus of several significant leg-       and should provide a corporate view of and future\nislative acts, such as the Government Performance and          direction for business processes, information, appli-\nResults Act and the Paperwork Reduction Act. The               cations, and infrastructure. It will also provide the\nGovernment Information Security Reform Act (GISRA)             standards and procedures to be followed whenever a\nrequires the OIG to conduct an annual evaluation of            new information system is built.\nthe FDIC's information security controls. We complet-\ned our second such review during the reporting period,       Our work in the IT area during the reporting period\nas discussed in more detail below.                           focused principally on our reporting responsibility under\n                                                             GISRA and related assignments, as discussed below.\nAccording to the 2002 Annual Performance Plan, the\nCorporation will continue to be engaged in several           OIG Reports GISRA Results\nmajor technology initiatives during the remainder of         The most significant report that we issued in the IT\n2002. These include the following:                           area was our GISRA report entitled Independent\n                                                             Evaluation of the FDIC's Information Security\n\xe2\x98\x85 New Financial Environment. The FDIC is work-               Program\xe2\x80\x942002.\n  ing to replace core components of its financial sys-\n  tem and anticipates that the new financial environ-        GISRA requires annual agency program reviews of\n  ment will improve business processes by adopting           information security by agency program officials, in\n  the best practices built into software packages, sim-      consultation with Chief Information Officers, and\n  plify and consolidate financial systems applications       annual independent evaluations by agency Inspectors\n  and data, enhance efficiency by automating manual          General. Our first such evaluation report, entitled\n  work, maximize e-business opportunities, and pro-          Independent Evaluation of the FDIC\xe2\x80\x99s Information\n  vide better decision-making to ensure continuity of        Security Program Required by the Government\n  financial operations.                                      Information Security Reform Act, was issued in\n                                                             September 2001.\n\n\n\n18\n\x0cThe objective of our 2002 review was to evaluate the                                 recognized standard setting organizations, such as the\neffectiveness of the FDIC\xe2\x80\x99s information security pro-                                National Institute of Standards and Technology, have\ngram and assess the FDIC\xe2\x80\x99s compliance with the                                       identified fundamental management principles and\nrequirements of the Security Act and related informa-                                controls needed to implement an effective information\ntion security policies, procedures, standards, and                                   security management program. Based on our evalua-\nguidelines. We relied primarily on the Office of                                     tion work, we found that the FDIC had taken some, but\nManagement and Budget (OMB) Circular No. A-130,                                      not all, of the actions necessary to establish and imple-\nManagement of Federal Information Resources,                                         ment these fundamental management principles and\nAppendix III, Security of Federal Automated                                          controls. We concluded that the FDIC\xe2\x80\x99s progress in\nInformation Resources, as criteria for evaluating the                                addressing the security weaknesses identified in our\nadequacy of the FDIC\xe2\x80\x99s information security program.                                 2001 Security Act evaluation report was offset by the\nIn addition, our evaluation focused on the FDIC\xe2\x80\x99s                                    emergence of new information security weaknesses\nefforts to improve its information security controls and                             identified during our current year evaluation.\npractices relative to the baseline established in our                                Accordingly, our overall assessment of the FDIC\xe2\x80\x99s\n2001 Security Act evaluation report.                                                 information security program remained the same as\n                                                                                     last year.\nIn summary, we concluded that the Corporation had\nestablished and implemented management controls                                      Based on our evaluation results, we identified 10 steps,\nthat provided limited assurance of adequate security                                 listed in priority order, that the Corporation could take\nover its information resources. In 3 of 10 key manage-                               in the near term to improve its information security\nment control areas evaluated (Contractor and Outside                                 operations (see write-up on next page). The observa-\nAgency Security,2 Capital Planning and Investment                                    tions and conclusions contained in our evaluation\nControl, and Performance Measurement), the FDIC                                      report were designed to assist the Corporation in fur-\nhad no assurance that adequate security had been                                     thering its efforts to implement a comprehensive infor-\nachieved. In a fourth management control area                                        mation security program that provides reasonable\n(Security Act Responsibilities and Authorities), we                                  assurance of adequate security for its information\nhighlighted opportunities for FDIC management to                                     resources. Consistent with the intent of the Security\nstrengthen the accountability and authority of one of its                            Act, we will continue to work with the Corporation in\nmost important leadership positions related to informa-                              accomplishing its goals in this critical area.\ntion security, the Chief Information Officer.\n                                                                                     Products Supporting GISRA Results\nThe FDIC had been working hard to address the secu-                                  We issued the following individual reports in support\nrity weaknesses identified in our 2001 Security Act                                  of our GISRA-reported results during the reporting\nevaluation report and new weaknesses identified in                                   period:\nrecent audits and reviews. However, weaknesses in the\n                                                                                     Computer Security Incident Response Team\nFDIC\xe2\x80\x99s security operations continued to surface\n                                                                                     (CSIRT) Activities: CSIRT developed and implement-\nbecause the FDIC had not fully implemented a com-\n                                                                                     ed procedures for identifying and detecting, investigat-\nprehensive information security management program.\n                                                                                     ing and resolving, tracking, and reporting security inci-\nFrequently, security improvements at the FDIC were\n                                                                                     dents. CSIRT also communicated with appropriate\nthe result of a reaction to specific audit and review\n                                                                                     external organizations concerning new threats, vulner-\nfindings, rather than the result of a comprehensive\n                                                                                     abilities, solutions, and security incidents that the team\nprogram that provided continuous and proactive iden-\n                                                                                     had investigated. However, we reported that the effec-\ntification, correction, and prevention of security prob-\n                                                                                     tiveness of the program could be improved by consis-\nlems. Government oversight agencies, such as the U.S.\n                                                                                     tently defining computer security incidents in relevant\nGeneral Accounting Office (GAO) and OMB, and other\n\n2\n Our assessment of management controls associated with Contractor and Outside Agency Security was limited to contractor security and did not include an\nassessment of the establishment or implementation of controls related to outside agency security. We plan to complete an assessment of these controls as\npart of our next annual cycle of information system audits and evaluations.\n                                                                                                                                                           19\n\x0c                                       OIG Identifies GISRA Action Items\n\n     The OIG\xe2\x80\x99s Government Information Security Reform Act report communicated the following actions, in priority\n     order, to the FDIC Chairman. These actions should be taken to better ensure adequate security of corporate\n     information resources.\n\n     1. Strengthen accountability and authority for information security by (a) appointing a permanent Chief\n        Information Officer, (b) ensuring that the individual serving as the Chief Information Officer reports directly\n        and solely to the Chairman, and (c) filling key vacancies within the Division of Information Resources\n        Management that support information security initiatives and operations;\n\n     2. Make security a key selection factor in the 2003 information technology (IT) capital planning and invest-\n        ment control process to ensure that appropriate and cost-effective security controls are considered and\n        funded over the life cycle of the FDIC\xe2\x80\x99s IT investments. For 2004, the FDIC should have a completed IT\n        Capital Plan;\xe2\x97\x86\n\n     3. Complete the FDIC IT enterprise architecture to ensure that security controls for components, applications,\n        and systems are consistent with current and planned IT architectures;\n\n     4. Continue and complete efforts to define the sensitivity of all corporate data and related business rules and\n        ensure that the results are considered when developing and implementing security measures for corporate\n        systems and applications;\n\n     5. Strengthen the FDIC\xe2\x80\x99s Acquisition Policy Manual and other Corporation policies and procedures related to\n        contractor-provided services by incorporating the security standards prescribed by OMB Circular No. A-130\n        and the National Institute of Standards and Technology;\n\n     6. Establish key measures to assess the performance of corporate information security activities against\n        established baselines and target performance levels. Such measures should be designed to proactively\n        improve security processes and controls;\n\n     7. Define clear roles and responsibilities for all areas related to information security, including general sup-\n        port systems, major applications, information security managers, application contingency plans, and the\n        pre-exit clearance process for employees and contractors;\n\n     8. Complete and begin using the recently developed Information Security Program Management Report to bet-\n        ter track the integration of the FDIC\xe2\x80\x99s information, physical, and operational security activities;\n\n     9. Implement a formal software configuration management program that ensures all required software modi-\n        fications, including software patches, are properly tested, approved, and documented in a timely manner;\n        and\n\n     10. Complete and formally issue planned revisions to FDIC circulars related to information security.\n     \xe2\x97\x86\n      An IT Capital Plan is one output of the capital planning and investment control process and serves as the implementation plan for the\n     budget year. The IT Capital Plan should include a component that demonstrates that IT projects include security controls that are con-\n     sistent with the agency\xe2\x80\x99s enterprise architecture. An enterprise architecture is an institutional systems blueprint that defines in both\n     business and technological terms an organization\xe2\x80\x99s current and target operating environments and how the organization will transition\n     between the two.\n\n\n20\n\x0cFDIC policies and guidance, updating various policy          eral guidance, evaluated the adequacy of selected inter-\ndocuments, preparing test plans for vulnerability test-      nal and security controls related to the system. The\ning, better tracking of incidents, increased reporting to    independent public accounting firm concluded that\nother FDIC security components, and establishing per-        automated controls in GENESYS were adequate but\nformance goals and measures for CSIRT. DIRM                  recommended enhancements to better protect sensitive\nagreed to recommended actions.                               data through improved safeguards, password controls,\n                                                             and warning banner screens. Management agreed\nInformation Security Management of FDIC                      with the recommendations in our report.\nContractors: We concluded that the FDIC\xe2\x80\x99s contractor\ninformation security policies and procedures needed          Network Operations Vulnerability Assessment: We\nimprovement. Specifically, the policies and procedures       engaged PricewaterhouseCoopers Consulting (PwC),\nwere deficient with respect to the consideration of con-     an independent professional services firm, to perform a\ntractor security in acquisition planning and oversight       multi-phase vulnerability assessment of the FDIC\xe2\x80\x99s\nof contractor security practices. Further, the               network operations.\nCorporation\xe2\x80\x99s implementation of contractor informa-\ntion security in acquisition planning, incorporation of      The primary objective of the first phase of PwC\xe2\x80\x99s\ninformation security requirements in FDIC contracts,         assessment was to review past security practices and\nand oversight of contractor security practices were not      develop a plan for a more detailed assessment of the\nadequate. Finally, contractors generally failed to           vulnerability to FDIC\xe2\x80\x99s network operations during a\nimplement sufficient security measures. These control        follow-on Phase II. The resulting report from Phase I\nweaknesses exposed the FDIC\xe2\x80\x99s information resources          contained seven observations and multiple recommen-\nto the risk of unauthorized disclosure, destruction, and     dations intended to improve performance and manage-\nmodification of sensitive and critical data, and disrup-     ment controls.\ntion of system operations.\n                                                             DIRM partially concurred with all but two of PwC\xe2\x80\x99s rec-\nWe made eight recommendations to address the con-            ommendations. DIRM\xe2\x80\x99s written comments resolved\ncerns we identified. DIRM and Division of                    some recommendations and caused us, in consultation\nAdministration (DOA) management agreed to work               with PwC, to revise four others. A substantial number of\njointly to implement corrective actions in response to       recommendations were unresolved at the time of report\nour recommendations.                                         issuance; however, as of the end of the reporting period,\n                                                             we had reached agreement on all recommendations.\nInternal and Security Controls Related to the\nGeneral Examination System (GENESYS):                        Integration of Information Security into the Capital\nGENESYS is the system used to prepare the report of          Planning and Investment Control Process: The OIG\nexamination, which contains the results of examina-          and Office of Internal Control Management conducted a\ntions and ratings given to financial institutions. The       joint review to evaluate the FDIC\xe2\x80\x99s progress in integrat-\nfinalized report of examination is provided to the           ing information security into the capital planning and\nexamined institution and other federal and state exam-       investment control process (CPICP) since the OIG\xe2\x80\x99s first\niners with responsibilities for the institution.             GISRA report was issued in September 2001. That\nInstitution regulators are charged with maintaining          report identified CPICP as an area that may warrant\nstrict confidentiality in matters related to the financial   reporting as an individual material weakness. Our\ninstitution examinations. GENESYS contains confiden-         objective was to evaluate the extent to which the FDIC\ntial information related to the institution\xe2\x80\x99s financial      integrates security into that process.\ncondition and management. Our audit, conducted by\nan independent public accounting firm under our gen-\n\n\n\n\n                                                                                                             21\n\x0cAlthough not issued in final form during the reporting         Projections of calendar year 2002 non-legal contract\nperiod, we issued our draft report to management. We           awards and purchases total 1,400 actions valued at\ndetermined that the FDIC had continued efforts to              approximately $375 million. Information technology\nimprove its overall IT capital planning process, but           has always been one of the most active areas of con-\nmore progress was needed in establishing and imple-            tracting. As of September 30, 2002, there were more\nmenting three key CPICP management controls related            than 415 active information resources management\nto security: an enterprise architecture that specifically      contracts valued at approximately $476 million that\naddresses security requirements, consideration of              had been awarded in headquarters. Approximately\ninformation security in capital IT investment decisions,       $230 million of this expenditure authority for active\nand system life cycle security management. Until these         contracts had been spent and approximately $246 mil-\nkey management controls are fully established and              lion remained to be used as of that date.\nimplemented, corporate level decision-makers cannot\n                                                               New Approach to Contract Audits\nbe assured that security is appropriately integrated in\n                                                               In coordination with DOA, the OIG developed a new\nFDIC systems commensurate with the level of risk\n                                                               approach to conducting audits of contractor billings\nassociated with those systems.\n                                                               and completed several audits using the new approach\nBecause deficiencies in the CPICP were again identi-           during the reporting period. Post-award audits of con-\nfied as a potential material weakness in our 2002              tractors focus specifically on contract provisions to\nGISRA report, we will carefully evaluate the forthcom-         determine the allowability of costs. Preaward audits\ning management response to this report outlining spe-          focus on the bids received from potential contractors.\ncific corrective actions and will discuss this review in       We also can review the contract award process and\nmore detail in our upcoming semiannual report.                 contractor controls, as needed.\n\nEnsuring Sound Controls and                                    We questioned a total of $528,492 in two post-award\n                                                               reports for reasons including unauthorized subcontrac-\nOversight of Contracting                                       tors, unallowable subcontractor mark-ups, incorrect\nThe private sector provides goods and services to the\n                                                               timesheets, unreasonable project management hours\nFDIC as needed through contracting to assist the\n                                                               billed, and billings for unauthorized labor categories.\nCorporation in accomplishing its mission. Contractors\nprovide assistance in such areas as information tech-          Management\xe2\x80\x99s response for $215,174 of that amount\nnology, legal matters, loan servicing, asset manage-           was not due as of the end of the reporting period. For\nment, and financial services.                                  the remainder, management disallowed $34,926.\nMaintaining a strong system of internal controls and           We issued three preaward reports. Two of the reports\neffective oversight of contracting is critical to the FDIC\xe2\x80\x99s   related to activities regarding the construction of the\nsuccess. The Corporation has taken a number of steps           Virginia Square II building and the third addressed\nin this regard\xe2\x80\x93training, revisions to the Acquisition          contracting for Local Area Network administration and\nPolicy Manual, and Contractor Oversight working                mainframe and operational support.\ngroups. A goal related to contractor oversight was\nadded to the Corporation\xe2\x80\x99s Annual Performance Plan,            Management has expressed appreciation to the OIG for\nwhich is formulated in accordance with the Government          its efforts in this area of contract auditing.\nPerformance and Results Act. The Corporation must\nsustain such efforts going forward. Additionally, with\nincreased downsizing and possibly more involvement of\ncontractors to carry out the FDIC mission, effective over-\nsight will become even more critical.\n\n\n\n\n22\n\x0cEstablishing Goals and Measuring                              clearly inform the Congress and the public of the\n                                                              results and outcomes of the FDIC\xe2\x80\x99s major programs\nResults                                                       and activities, including how the agency will accom-\nThe Government Performance and Results Act (Results\n                                                              plish its goals and measure the results.\nAct) of 1993 was enacted to improve the efficiency,\neffectiveness, and accountability of federal programs by      OIG Formulates Results Act Review Plan\nestablishing a system for setting goals, measuring per-       In 1998, the House Leadership formally requested that\nformance, and reporting on accomplishments.                   the Inspectors General of 24 executive agencies develop\nSpecifically, the Results Act requires most federal agen-     and implement a plan for reviewing their agencies\xe2\x80\x99\ncies, including the FDIC, to prepare a strategic plan         Results Act activities. The Congress attaches great\nthat broadly defines each agency\xe2\x80\x99s mission, vision, and       importance to effective implementation of the Results\nstrategic goals and objectives; an annual performance         Act and believes that Inspectors General have an impor-\nplan that translates the vision and goals of the strategic    tant role to play in informing agency heads and the\nplan into measurable annual goals with specific indica-       Congress on a wide range of issues concerning efforts\ntors and targets; and an annual performance report            to implement the Results Act. We believe the congres-\nthat compares actual results against planned goals.           sional views on such a review plan represent an appro-\n                                                              priate direction for all Offices of Inspector General.\nThe Corporation\xe2\x80\x99s strategic plan and annual perform-\nance plan lay out the agency\xe2\x80\x99s mission and vision and         OIG\xe2\x80\x99s Results Act Review Plan\narticulate goals and objectives for the FDIC\xe2\x80\x99s three major    The FDIC OIG is fully committed to taking an active\nprogram areas of Insurance, Supervision, and                  role in the Corporation\xe2\x80\x99s implementation of the Results\nReceivership Management. The plans focus on four              Act. We have developed a review plan to help ensure\nstrategic goals that define desired outcomes identified for   that the Corporation satisfies the requirements of the\neach program area: (1) Insured Depositors Are Protected       Results Act and maintains systems to reliably measure\nfrom Loss Without Recourse to Taxpayer Funding,               progress toward achieving its strategic and annual per-\n(2) FDIC-Supervised Institutions Are Safe and Sound,          formance goals. Our review plan consists of the fol-\n(3) Consumers\xe2\x80\x99 Rights Are Protected and FDIC-                 lowing three integrated strategies:\nSupervised Institutions Invest in Their Communities, and      Linking Planned Reviews to the Results Act. We will\n(4) Recovery to Creditors of Receiverships Is Achieved.       link planned reviews to corporate strategic goals and\nThrough its annual performance report, the FDIC is            provide appropriate Results Act coverage through audits\naccountable for reporting actual performance and              and evaluations. As part of this strategy, our planning\nachieving these strategic goals, which are closely linked     effort this year will seek to align our audit work more\nto the major issues discussed in this semiannual report.      closely with the Corporation\xe2\x80\x99s strategic plan.\nThe Corporation has made significant progress in              Targeted Verification Reviews. We will maintain a\nimplementing the Results Act and will continue to             program of independent reviews to periodically evalu-\naddress the challenges of developing more outcome-            ate the adequacy and reliability of selected information\noriented performance measures, linking performance            systems and data supporting FDIC performance\ngoals and budgetary resources, implementing process-          reports. The OIG has developed a standard work pro-\nes to verify and validate reported performance data,          gram to conduct these evaluations.\nand addressing crosscutting issues and programs that\naffect other federal financial institution regulatory         Advisory Comments. We will continue our practice of\nagencies. The FDIC is committed to fulfilling both the        providing advisory comments to the Corporation\nrequirements of the Results Act and congressional             regarding its update or cyclical preparation of strategic\nexpectations that the performance plans and reports           and annual performance plans and reports.\n\n\n\n\n                                                                                                              23\n\x0cExamples of OIG audit findings and recommendations          The OIG will continue to develop and refine its inte-\nduring the reporting period that are linked to Result       grated oversight strategy to help ensure that the FDIC\xe2\x80\x99s\nAct issues and concepts include the following:              Results Act-related efforts fully conform to the spirit\n                                                            and intent of the Act. We plan to continue to work with\nWe issued a report on the FDIC\xe2\x80\x99s receivership termina-      the Corporation to improve the FDIC\xe2\x80\x99s performance\ntion activity. We concluded that DRR was complying          measurement and reporting through our audits, evalu-\nwith policies and procedures for terminating receiver-      ations, and management advisory reviews and analy-\nships and data contained in the Receivership                ses. The OIG will also continue to monitor and review\nTermination System for the sampled receiverships            legislation proposed in the Congress to amend the\nwere accurate and complete. We identified one area of       Results Act and will actively participate to refine appro-\nconcern, however, related to DRR annual performance         priate OIG Results Act roles, responsibilities, and activ-\nplanning and receivership termination activity.             ities through the President\xe2\x80\x99s Council on Integrity and\n                                                            Efficiency and the interagency groups it sponsors.\nSpecifically, DRR\xe2\x80\x99s 2002 annual performance planning\nindicators and targets did not cover all significant        Addressing Human Capital Issues\nreceivership termination activities. Specifically, a 2002   The FDIC has been in a downsizing mode for the past\nperformance indicator and target for terminating            10 years as the workload from the banking and thrift\nreceiverships initiated prior to 2000 was not developed.    crises of the late l980s and 1990s has been accom-\nPre-2000 receiverships accounted for 157 of the 168         plished. During the reporting period, a number of divi-\nactive receiverships in inventory at January 1, 2002.       sion mergers and reorganizations took place and the\nWe recommended that DRR establish an interim 2002           Corporation concluded its 2002 buyout/retirement\nperformance indicator and targets that include all          incentive programs. As noted in its 3rd quarter Letter\nactive receiverships when formulating future annual         to Stakeholders, these most recent incentive programs\nperformance plans. DRR concurred with the two rec-          achieved a reduction of 699 staff and $80 million pro-\nommendations in our report and planned corrective           jected savings in future operating costs. In total, over\naction in response. (Also see write-up related to           the past 10+ years, the workforce (combined from the\nThird-Party Corrective Actions.)                            FDIC and the Resolution Trust Corporation) has fallen\nOIG Reviews FDIC 2001 Program                               from approximately 23,000 in 1992 to 5,500 as of\nPerformance Report                                          September 30, 2002.\nDuring this reporting period, the OIG reviewed and\n                                                            By June 2003, the Corporation hopes to substantially\nprovided advisory comments to management on the\n                                                            complete required downsizing and correct existing\nFDIC\xe2\x80\x99s draft 2001 Program Performance Report. The\n                                                            skills imbalances. To do so, the Corporation continues\npurpose of our review was to provide suggestions for\n                                                            to carry out other features of its comprehensive pro-\nenhancing the Corporation\xe2\x80\x99s performance report based\n                                                            gram such as solicitations of interest, reassignments,\non our knowledge and OIG work related to the Results\n                                                            retraining, outplacement assistance, and possible\nAct. In addition, we reviewed the report to determine if\n                                                            reductions-in-force. As the Corporation adjusts to a\nit was in compliance with the Results Act and related\n                                                            smaller workforce, it must continue to ensure the\nOMB guidance. We noted that the draft performance\n                                                            readiness of its staff to carry out the corporate mission.\nreport was not clear with respect to reporting on\nreceivership termination activity and suggested that it     The Corporation has also predicted that almost 20 per-\nbe clarified. In addition, we suggested that the FDIC       cent of FDIC employees will be eligible to retire within\nperformance report include a reference to the OIG per-      the next 5 years. The Corporation must continue to\nformance report in accordance with OMB guidance.            conserve and replenish the institutional knowledge and\nManagement agreed with our comments and incorpo-            expertise that has guided the organization over the past\nrated many of our suggestions into the final report that    years. Hiring and retaining new talent will be impor-\nwas sent to the Congress and OMB.\n\n\n24\n\x0ctant, and hiring and retention policies that are fair and                          ensure that the federal government functions in the most\ninclusive remain a significant component of the corpo-                             economic, efficient, and effective manner possible.\nrate diversity plan.\n                                                                                   In its Model of Strategic Human Capital Management,\n                                                                                                                                   3\nAn important corporate consideration is determining                                GAO identified three cornerstones that relate to the\nwhere FDIC employees will be housed over the long-                                 activities we addressed in our evaluation:\nterm. In that regard, the Corporation's Board of\nDirectors approved construction of a new nine-story                                  \xe2\x80\xa2 Leadership commitment to human capital\nbuilding at its Virginia Square office complex in                                       management,\nNorthern Virginia. This building will house FDIC staff\n                                                                                     \xe2\x80\xa2 Strategic human capital planning, and\nfor the most part now working in leased space in the\nDistrict of Columbia. The expansion will cost approxi-                               \xe2\x80\xa2 Acquiring, developing, and retaining talent.\nmately $111 million; however, the Corporation antici-\npates substantial savings in the long run\xe2\x80\x94more than                                In our memorandum, we communicated our observa-\n$78 million (in today\xe2\x80\x99s dollars) over the next 20 years.                           tions on past corporate activities in these areas and\nAt DOA\xe2\x80\x99s request, the OIG conducted a preaward                                     focused on on-going or planned initiatives, pointing out\nreview to ensure that the process for soliciting and hir-                          where we believe the Corporation should continue to\ning contractors to perform the work of constructing the                            concentrate its efforts.\nnew site is carefully controlled and properly carried                              Leadership Commitment\nout. (See earlier write-up on preaward reviews.)                                    \xe2\x80\xa2 The Corporation\xe2\x80\x99s Human Resources Committee\n                                                                                      (HRC), comprised of eight executives from through-\nThe Corporation\xe2\x80\x99s organizational make-up has been\n                                                                                      out the Corporation, is a key driver of the\naltered dramatically, and more change is in store.\n                                                                                      Corporation\xe2\x80\x99s human capital initiatives to stream-\nDesigning, implementing, and maintaining effective\n                                                                                      line the organization, complete downsizing, estab-\nhuman capital strategies are critical priorities and\n                                                                                      lish clear performance expectations and incentives\nmust be the focus of sustained corporate attention.\n                                                                                      for executives, and build a flexible workforce\nOIG Evaluates Selected Corporate Human                                                through a Corporate University and job rotation\nCapital Strategies                                                                    program. The HRC is responsible for developing\nThe OIG initiated an evaluation of aspects of the                                     policy recommendations for the Chief Operating\nCorporation\xe2\x80\x99s employee training and development                                       Officer (COO), Chief Financial Officer (CFO), and\nefforts. At the time we were conducting our work, the                                 the Deputy to the Chairman, as well as monitoring\nCorporation was in the midst of announcing several                                    the implementation of the Corporation\xe2\x80\x99s human\nnew initiatives and implementing a number of organi-                                  capital initiatives.\nzational changes that impacted both its training and\ndevelopment and overall human capital programs. As                                   \xe2\x80\xa2 The Corporate University is one of the key initia-\na result, we determined that it was not an appropriate                                  tives to transform the FDIC. It will be organization-\ntime to review these activities. Because we had also                                    ally placed in the newly designed Human\ngathered information associated with the FDIC\xe2\x80\x99s over-                                   Resources Branch\xe2\x80\x93a merger of the Training and\nall human capital strategy, we issued a memorandum                                      Consulting Services Branch and the Personnel\nto management to communicate that information as we                                     Services Branch\xe2\x80\x93within DOA.\nterminated our review.\n                                                                                     \xe2\x80\xa2 The FDIC is recruiting a human capital professional\nOur memorandum noted that last year, GAO added strate-                                  as Associate Director of the Human Resources\ngic human capital management to its list of high-risk gov-                              Branch. This position will report to the Deputy\nernment programs as an area that needs attention to                                     Director, DOA, who is also the Chairman of the\n3\n GAO\xe2\x80\x99s Model of Strategic Human Capital Management identified a fourth cornerstone \xe2\x80\x9cResults-Oriented Organizational Culture,\xe2\x80\x9d which addresses empowerment\nand inclusiveness of employees and linking individual performance to organizational goals.\n\n\n                                                                                                                                                     25\n\x0c   HRC. The Associate Director\xe2\x80\x99s responsibilities will      \xe2\x80\xa2 The Chairman\xe2\x80\x99s announcements of the Corporate\n   include the development of a comprehensive                 University and job rotation program will build on\n   human capital program for the Corporation.                 the Diversity Strategic Plan foundation and help\nStrategic Workforce Planning                                  create a broader corporate perspective through\n \xe2\x80\xa2 The Corporation conducted an FDIC Human Capital            training and employee development.\n   Self-Assessment based on GAO guidelines, drafted a\n   Human Resources Strategic Plan, and included vari-\n                                                            \xe2\x80\xa2 The Corporate University Steering Committee is\n                                                              currently developing its strategy for the Corporate\n   ous human capital initiatives in both the FDIC\n                                                              University to best fit the FDIC\xe2\x80\x99s mission and opera-\n   Strategic Plan and the FDIC 2002 Annual Plan.\n                                                              tions. The Committee is also consulting with\n   However, the FDIC has not yet finalized its develop-\n                                                              private-sector corporate universities, academic\n   ment of a fully integrated human capital frame-\n                                                              institutions, and other experts to identify best\n   work, such as the Human Resources Strategic Plan\n                                                              practices. The Steering Committee anticipates\n   could provide. The HRC indicated that the draft\n                                                              completing its work and presenting an options\n   Human Resources Strategic Plan would be revisited\n                                                              paper to the Chairman by the end of 2002.\n   this fall before presenting it to the COO, CFO, and\n   Deputy to the Chairman. We consider completion          Because human capital management is critical to the\n   of this plan to be a critical priority for the FDIC.    Corporation\xe2\x80\x99s future success, we will continue to mon-\n                                                           itor the Corporation\xe2\x80\x99s progress and provide audit\n \xe2\x80\xa2 The Corporation\xe2\x80\x99s annual planning process address-      coverage of the program and initiatives, as we deem\n   es workforce planning in its core staffing analysis.\n                                                           appropriate.\n   However, the Corporation\xe2\x80\x99s current practices do not\n   include a formalized corporate-wide skill gap           Containing Costs and Assessing\n   analysis for long-term human capital planning pur-\n                                                           Business Processes\n   poses. In its draft Human Resources Strategic Plan,\n                                                           The Corporation continues efforts to identify and\n   the Corporation recognized that the FDIC does not\n                                                           implement ways to contain and reduce costs, either\n   have such a process to compare the skills possessed\n                                                           through more careful spending or assessing and mak-\n   by the workforce against future needs and identify\n                                                           ing changes in business processes to increase efficien-\n   strategies to address those gaps.\n                                                           cy. As steward for the BIF and the SAIF, the FDIC\nAcquiring, Developing, and Retaining Talent                looks for cost reductions and efficiency improvements\n \xe2\x80\xa2 DOA\xe2\x80\x99s Training and Consulting Services Branch, as       to minimize the draw on the funds.\n   the principal training and employee development\n   organization, works with the divisions and offices to   The Corporation has taken steps to increase emphasis\n   identify the best ways to address their learning        in this area. As discussed in the previous section of\n   needs and develop core training programs.               this report, savings will result from the Corporation\xe2\x80\x99s\n                                                           planned building of its new Virginia Square site. It is\n \xe2\x80\xa2 The strategies embodied in the FDIC Diversity           also expected that the Corporation\xe2\x80\x99s New Financial\n   Strategic Plan include enhancing the corporate          Environment will result in lower costs, better function-\n   recruiting program, creating developmental oppor-       ality, and enhanced efficiency. Several other initiatives\n   tunities, enhancing the internal and external           are in process to better understand what the various\n   selection processes, and addressing benefit and         business processes and activities within the FDIC cost,\n   workplace issues.                                       how they can be made more efficient, and how they\n                                                           compare to private and public sector entities. The\n                                                           Corporation may also need to recognize and plan for\n                                                           unmet needs which can add to operating costs. Such\n\n\n\n\n26\n\x0cneeds may include, for example, further ensuring          Ensuring Security of Physical and\ninformation resources security and maintaining essen-\ntial physical security.\n                                                          Human Resources\n                                                          Largely in light of the events of September 11, 2001, we\nSince being named head of the FDIC, FDIC Chairman         identified an emerging issue that the FDIC needed to\nPowell has underscored the importance of efficiency       address: the security of the FDIC\xe2\x80\x99s physical and\nand effectiveness of the FDIC in various communica-       human resources. The Corporation has devoted con-\ntions with FDIC employees. Certainly, the                 siderable attention to these areas since the tragic\nCorporation\xe2\x80\x99s organizational streamlining and down-       events of that day and continues to do so. It has\nsizing were designed to achieve such efficiencies and     enhanced important physical security features of its\neconomies. Additionally, the Corporation is evaluating    properties. It has worked to keep employees informed\nthe cost of certain corporate operations against appro-   of security matters and events occurring in the\npriate benchmark organizations. The results of such       Washington, D.C., area and field offices that may\nstudies will help the Corporation identify areas in       impact employee safety and security. It also developed\nwhich its costs may be higher than other organizations    an Emergency Response Plan on which the OIG pro-\nand potential \xe2\x80\x9cbest practices\xe2\x80\x9d to reduce these costs.     vided extensive comments to the Chief Operating\n                                                          Officer during the previous reporting period.\nIn this connection, the Corporation is implementing a\nservice costing initiative\xe2\x80\x94new procedures to charge       We completed fieldwork on our evaluations of the\nreceiverships for services provided by the Corporation    FDIC\xe2\x80\x99s physical security of Washington, D.C., area and\nby applying standard rates. This initiative should also   regional and field office facilities during the reporting\nresult in improved allocation of receivership expenses.   period and issued two reports conveying our results.\nThe OIG is conducting a review of data quality of serv-   Evaluation of Physical Security for the FDIC\xe2\x80\x99s\nice costing to determine whether adequate controls        Washington, D.C. Area Facilities\nexist to ensure the accuracy, timeliness, and complete-   We issued a report on the FDIC\xe2\x80\x99s physical security pro-\nness of receivership-related data used by the service     gram and its implementation in the Corporation\xe2\x80\x99s\ncosting system. Additionally, the OIG plans future        Washington, D.C. metropolitan area facilities, including\nwork on service costing billing rates to determine        Virginia Square. Generally the Corporation\xe2\x80\x99s program\nwhether the rates developed have been adequately          addresses perimeter security, entry security, interior\nsupported and controls are in place to ensure that        security, and security planning\xe2\x80\x94the four broad areas\nreceiverships are being accurately billed. Our results    covered by Department of Justice-recommended mini-\nwill be discussed in future semiannual reports.           mum security standards. However, we noted several\n                                                          areas where the Corporation could improve its physical\n   The FDIC\xe2\x80\x99s Travel Card Program                         security program. Specifically, the Corporation needed\n                                                          to require that a risk level be assigned to each FDIC\n   We conducted an audit of the Corporation\xe2\x80\x99s travel      building and that the minimum security standards\n   card program and concluded that the Corporation        deemed practicable for each building be documented.\n   has taken necessary steps to implement effective       Security risk assessments of FDIC facilities also needed\n   internal control over the program. The FDIC\xe2\x80\x99s poli-    to be conducted in accordance with time frames pre-\n   cies and monitoring activities, along with the Bank    scribed by FDIC policy. Finally, and this is a point that\n   of America\xe2\x80\x99s contractual travel card restrictions,     DOA recognized and acted upon, the initial design and\n   serve to mitigate the risk of abuses and potential     assignment of responsibilities for emergency evacua-\n   damage to the public\xe2\x80\x99s confidence in the               tion to both the Physical Security Unit and the Health\n   Corporation as financial institution supervisor or     Safety and Environmental Unit was confusing, and\n   insurer.                                               responsibilities were reassigned solely to the Physical\n\n\n\n\n                                                                                                           27\n\x0cSecurity Unit. We made 11 recommendations and             and Keystone Bank\xe2\x80\x94as presented in prior semiannual\noffered several suggestions to better ensure the safety   reports.\nand security of individuals and property. The actions\nalready taken or planned by the Corporation are           The issues involve interrelated roles of management\nresponsive to our concerns.                               (including Boards of Directors and Audit Committees),\n                                                          independent auditors, and regulators. Management is\nSecurity for Field Sites                                  primarily responsible for the reliability of financial\nWe also reported that regional and field offices had      reports with auditors providing an independent audit\nimplemented perimeter, entry, and interior security       function and regulators relying on the financial data.\nmeasures that met or exceeded the Department of\nJustice\xe2\x80\x99s recommended minimum standards for the           Affected regulators include the Securities and\nfacilities\xe2\x80\x99 assigned security levels. DOA had performed   Exchange Commission as well as the FDIC and other\nvulnerability assessments of regional and field office    financial institution regulators. The need for reliable\nfacilities and implemented recommended security           financial data affects the ability of regulators to effec-\nmeasures identified from those assessments. Each of       tively achieve their oversight missions. To the extent\nthe 15 offices in our sample had established proce-       that the financial reporting of businesses (including\ndures for responding to and reporting on emergencies      financial institutions) is not reliable, the regulatory\nand other security-related incidents. However, differ-    processes and mission achievement can be adversely\nences existed among the various offices regarding the     affected. Financial institution regulators are affected\ntypes of security-related incidents reported for inclu-   by the quality of reporting of financial institutions and\nsion in the FDIC\xe2\x80\x99s incident reporting and investigation   businesses transacting with financial institutions.\nsystem. This inconsistent reporting limited the FDIC\xe2\x80\x99s    Critical operational processes of financial institution\nability to use the data for detecting trends that may     regulators can be adversely affected. Essential\nrequire additional security measures. We made two         research and analysis (used for economic analysis and\nrecommendations to improve the completeness and           decision-making) and bank supervision (examina-\nusefulness of data contained in the system, and man-      tions) can be complicated and potentially compromised\nagement agreed with both of them.                         by poor quality financial reports and audits.\n\nUpdate on Emerging Issue: The                             In addition to supervision safety and soundness issues,\nQuality of Bank Financial Reporting                       the FDIC, in its roles as receiver and insurer, is poten-\n                                                          tially affected by financial reporting and audit quality,\nand Auditing                                              regardless of whether the FDIC is the primary federal\nDuring the previous reporting period, the OIG identi-\n                                                          regulator. Receivership management operations, rely-\nfied the following emerging issue as warranting FDIC\n                                                          ing on accounting and auditing contractors, can be\nmanagement's attention.\n                                                          adversely affected. Potentially, the insurance funds can\nRecent highly publicized business failures, including     be affected, for example, by financial institution and\nfinancial institution failures, have raised significant   other business failures precipitated in whole or in part\nquestions about the quality of financial reporting and    by financial reporting irregularities.\nauditing of these businesses. Various dimensions of\n                                                          The financial reporting and audit quality issues are\nthis issue have been, and continue to be, widely dis-\n                                                          complicated by a number of interrelated risk factors,\ncussed and reported in various forums, most notably\n                                                          including: auditor independence; complexity and\nwith congressional hearings on the failure of Enron\n                                                          sophistication of business structures and transactions;\nCorporation. Aspects of the problem as it relates to\n                                                          adequacy and complexity of standards; fraud; auditors\xe2\x80\x99\nfinancial institutions have been documented in rela-\n                                                          document retention procedures; adequacy of auditor\ntively recent OIG work on bank failures\xe2\x80\x94Superior Bank\n\n\n\n\n28\n\x0coversight; and qualifications and fitness of Audit         sions. The DSC subsequently joined the group to\nCommittees, Boards of Directors, and Officers.             ensure coordination with the independence initiatives\n                                                           under consideration, such as the independence\nCorporation Takes Steps to Address Issue\n                                                           requirements and interpretations of the Securities and\nThe Corporation has initiated actions to address many\n                                                           Exchange Commission and the Sarbanes-Oxley Act of\naspects of the bank financial reporting and audit quali-\n                                                           2002 as it affects accounting firms\xe2\x80\x99 work in insured\nty issue that we discussed in our last semiannual\n                                                           institutions.\nreport. The Corporation\xe2\x80\x99s 2001 Annual Report to the\nCongress (under the Chief Financial Officers Act),         Corporate initiatives, highlighted below, address:\nissued during this period, discussed this matter as an     independence requirements for corporate contracts\nemerging issue. The Corporation also initiated several     with accounting firms; auditor independence for\nkey actions to help ensure the quality of financial        insured institutions; disciplining accountants; and\nreporting and auditing of financial institutions.          additional Sarbanes-Oxley Act considerations.\nThe Corporation\xe2\x80\x99s actions considered the impact of         Independence Requirements for Corporate\nrecent significant changes to standards and policies for   Contracts with Accounting Firms\nauditors. These changes resulted from the recent           The new GAO independence standards include the fol-\nSarbanes-Oxley Act of 2002 and new government              lowing two overarching principles:\nauditing standards for independence issued by the\nComptroller General of the United States:                   \xe2\x80\xa2 Auditors should not perform management\n                                                              functions or make management decisions; and\n \xe2\x80\xa2 The Sarbanes-Oxley Act of 2002 established dramat-\n   ic changes for publicly held companies and their         \xe2\x80\xa2 Auditors should not audit their own work or provide\n   auditors to protect investors and improve the accu-        nonaudit services in situations where the nonaudit\n   racy and reliability of corporate financial reporting      services are significant/material to the subject mat-\n   and disclosures. Among other provisions, the Act           ter of audits.\n   revised auditor independence rules, created a           To address the overarching independence principles\n   Public Company Accounting Oversight Board,              involving corporate contracts with accounting firms,\n   revised corporate governance standards, and signif-     the following key actions have been taken:\n   icantly increased the criminal penalties for viola-\n   tions of securities laws.                                \xe2\x80\xa2 Revise ethics regulation to address lack of inde-\n                                                              pendence as a conflict of interest. In May 2002,\n \xe2\x80\xa2 GAO published revised independence standards in            the FDIC Board approved an interim final rule (12\n   January 2002, effective for governmental audits            CFR Part 366). A final version of the rule has been\n   beginning on or after January 1, 2003.                     prepared for FDIC Board approval.\nTo address these issues, the Corporation established a      \xe2\x80\xa2 Address significance and materiality for nonau-\njoint group that included the Office of Internal Control      dit services. The Legal Division will work with\nManagement, DOA, and the OIG. The OIG\xe2\x80\x99s role was              divisions/offices to prepare factors to be considered\nto provide independent technical advice. The group\xe2\x80\x99s          in determining whether nonaudit services are sig-\ninitial objective was to determine the actions that the       nificant/material, to assess compliance with GAO\xe2\x80\x99s\nCorporation should take regarding its use of services         overarching principle.\nfrom accounting firms to ensure compliance with the\nnew GAO independence standards. The Corporation\xe2\x80\x99s\nLegal Division and the DRR also joined the group to\naddress contract issues within their respective divi-\n\n\n\n\n                                                                                                           29\n\x0c \xe2\x80\xa2 Address expert witness contracts.      The Legal           Auditor Independence Requirements for Insured\n   Division uses expert witnesses from accounting             Institutions\n   firms. These firms will be reviewed to ensure there        The FDIC\xe2\x80\x99s DSC, in coordination with other financial\n   are no conflicts of interest. In addition, the guid-       regulatory agencies, has a number of initiatives under-\n   ance for outside counsel will be updated, as neces-        way related to audits of insured banking institutions:\n   sary.\n                                                              Under FDIC regulations (12 CFR Part 363) and\n \xe2\x80\xa2 Address contracts of failed institutions. Guidance         explanatory guidelines and interpretations, auditors of\n   is being developed to address auditor independence         insured institutions with $500 million or more in assets\n   for contracts with accounting firms inherited from         must \xe2\x80\x9cmeet the independence requirements and inter-\n   failed institutions.                                       pretations of the SEC and its staff.\xe2\x80\x9d As a result of the\n                                                              Sarbanes-Oxley Act of 2002, DSC believes that auditors\n \xe2\x80\xa2 Use Ethics Conflicts Committee.      The Legal             are prohibited from performing both internal audit out-\n   Division\xe2\x80\x99s ethics conflicts committee, established to      sourcing and consulting work for external audit clients.\n   address potential ethical conflicts of interest, will be\n   convened as necessary to address auditor independ-         An interagency working group, headed by the FDIC,\n   ence conflicts.                                            had been revising the guidance on auditor independ-\n                                                              ence in the December 1997 \xe2\x80\x9cInteragency Policy\n \xe2\x80\xa2 Update Acquisition Policy Manual (APM).      DOA           Statement on the Internal Audit Function and its\n   will update the APM to address auditor independ-           Outsourcing\xe2\x80\x9d in response to the SEC's adoption of\n   ence. The APM establishes a consolidated and uni-          revised independence rules in November 2000. As a\n   form set of policies and procedures for procuring          result of the Sarbanes-Oxley Act of 2002, the guidance\n   goods and services on behalf of the Corporation.           will require further revision. The following actions are\n                                                              among those being considered:\n \xe2\x80\xa2 Update standard contracts.     DOA and the Legal\n   Division will ensure that updated standard con-             \xe2\x80\xa2 Advise institutions with $500 million or more in\n   tracts address lack of independence as a conflict of          total assets and all publicly-held institutions that\n   interest. Also, contractor certifications will be             they should follow the requirements of the new\n   required to ensure auditor independence standards.            Sarbanes-Oxley Act;\n\n \xe2\x80\xa2 Consider automated tracking mechanism.         DOA          \xe2\x80\xa2 Encourage institutions with under $500 million in\n   will consider the feasibility of using an automated           total assets that are not publicly held to follow the\n   mechanism to track the various types of auditor               requirements of the new Sarbanes-Oxley Act; and\n   services being provided to assist in monitoring\n   potential independence issues.                              \xe2\x80\xa2 Advise all state-chartered institutions to also follow\n                                                                 any state laws or regulations with regard to auditor\nAlso, the OIG is updating its internal policies and pro-         independence.\ncedures to ensure appropriate compliance with\n                                                              Disciplining Accountants Who Perform\nGenerally Accepted Government Auditing Standards,             Audit Services\nincluding independence standards. The OIG will also           For institutions with $500 million or more in total\naddress the work of accounting firms conducting work          assets - Section 36 of the Federal Deposit Insurance Act\nunder OIG contracts.                                          requires the federal banking agencies to jointly issue\n                                                              rules of practice for removing, suspending, and barring\n                                                              accountants from performing audit services for institu-\n                                                              tions subject to Part 363. An interagency working\n\n\n\n\n30\n\x0cgroup has been drafting proposed rules of practice.       The OIG will continue to monitor and assess this issue\nThese rules would permit the agencies to                  for consideration in planning future audit and over-\nsuspend/remove/bar independent public accountants         sight work. In this regard, one ongoing audit is cur-\nfrom performing services under Section 36 for good        rently reviewing examiner reliance on the work of\ncause. The rules of practice would define \xe2\x80\x9cgood cause.\xe2\x80\x9d   independent public accountants.\n\nFor all institutions - For several years, the FDIC has\nmaintained a program of reporting apparent noncom-           Agreement with GAO Regarding\npliance by bank auditors with applicable professional\nstandards (including Generally Accepted Auditing\n                                                               the Corporation\xe2\x80\x99s Financial\nStandards (GAAS)) to the American Institute of                   Statement Audit Work\nCertified Public Accountants (AICPA) and state boards\nof accountancy. The AICPA as a professional associa-\n                                                             During the reporting period, we reached agreement\ntion investigates GAAS infractions and may discipline\n                                                             with the General Accounting Office (GAO) regarding\naccountants. Disciplinary action frequently involves\n                                                             the level of OIG resources available for the 2002\nadditional education for the disciplined person but may      financial statement audit work and the specific\nultimately result in revocation of an accountant\xe2\x80\x99s           areas that the OIG would accomplish. Based on\nAICPA membership. State boards are able to revoke an         earlier discussions with GAO, we agreed that the\naccountant\xe2\x80\x99s license to practice; however, followup on       OIG would commit three staff members and perform\nreferrals by some boards may be constrained by finan-        the receivables from bank/thrift resolutions and\ncial or staff limitations.                                   receivership receipts audit work. We will conduct\n                                                             the work in accordance with the GAO\xe2\x80\x99s Generally\nAdditional Sarbanes-Oxlely Act Considerations                Accepted Government Auditing Standards and the\nWhere the FDIC has authority under Section 36 of the         GAO/President\xe2\x80\x99s Council on Integrity and Efficiency\nFederal Deposit Insurance Act, the FDIC is considering       Financial Audit Manual. This approach will enable\nwhether to amend Part 363 to be consistent with the          the GAO to rely on our work for its opinion on each\nSarbanes-Oxley Act by:                                       fund\xe2\x80\x99s financial statements and internal control.\n \xe2\x80\xa2 Requiring independent public accountants to be            We also agreed that one OIG staff member will\n   registered accounting firms;\n                                                             assist GAO in the information systems testing area\n \xe2\x80\xa2 Accepting registration applications, annual reports,      and have discussed a plan for the OIG to assume\n   and inspection reports of registered accounting           complete responsibility for this area in the future.\n   firms in lieu of peer review reports;                     In this regard, we are working on a multi-year strat-\n                                                             egy for performance of the information systems\n \xe2\x80\xa2 Requiring that the independent public accountant          audit requirements starting in 2003.\n   retain audit documentation and any needed com-\n   puter programs for a period of 7 years; and\n\n \xe2\x80\xa2 Adding the duties and responsibilities of the audit\n   committee outlined in the new Act.\n\n\n\n\n                                                                                                           31\n\x0c      The FDIC Stands to Recover Undelivered State\n        Tax Refunds Belonging to FDIC-Managed\n              Failed Financial Institutions\n     During the reporting period we issued a follow-up memorandum to the\n     Director of the Division of Finance and the Director of the Division of\n     Resolutions and Receiverships concerning an earlier review we conducted\n     of undelivered tax refunds. Our earlier review was done to determine\n     whether state revenue or tax departments were holding undelivered tax\n     refunds that belonged to failed financial institutions or their subsidiaries.\n     As a result of that review, we collected about $65,000 in undelivered tax\n     refunds from the state of Massachusetts which we forwarded to corporate\n     officials for posting to appropriate accounting records. We further request-\n     ed state tax officials in New York and California to research their records to\n     determine whether their states were holding any undelivered or unclaimed\n     tax refunds belonging to FDIC-managed entities.\n\n     Tax officials in New York reported back that their research did not identify\n     any such refunds. The tax database they reviewed, however, only covered\n     the past 3 years for refunds. On the other hand, the Tax Counsel for the\n     California Franchise Tax Board reported that California had identified 22 tax\n     refunds totalling $1,576,411 that belonged to FDIC-managed institutions.\n     The majority of the amount belonged to a single institution\xe2\x80\x93Guardian Federal\n     Savings Association of Huntington Beach, California. The Tax Counsel\n     believes that the FDIC will be able to recover $1,559,418 (99 percent of the\n     total) from 6 of the 22 tax refunds held by state tax officials and added that\n     the state would also pay interest to the FDIC for the period that the states\n     held the refunds. Refunds for the remaining 16 institutions may not be\n     collectable because California has suspended the corporate powers of\n     these entities.\n\n     Our memorandum advised that the Corporation should seek to promptly\n     recover the undelivered tax refunds. Additionally, we suggested that the\n     Corporation follow up with the state of New York to determine whether\n     information on undelivered tax refunds from the late 1980s and early 1990s\n     can be accessed for purposes of identifying refunds owed to the FDIC. We\n     also suggested that the FDIC determine a risk-based approach to reviewing\n     other states for undelivered tax refunds. We informed the Corporation that\n     we considered the $1,559,418 as a potential monetary benefit to the\n     Corporation. The Corporation has taken steps to address each of our\n     suggested actions.\n\n\n\n\n32\n\x0c                                                                                                        \xe2\x98\x85\n                                                                                                                              \xe2\x98\x85\xe2\x98\x85\nInvestigations\n                                                                                Joint Efforts\n             Investigative Statistics                                           The OIG works closely with U.S. Attorney\xe2\x80\x99s Offices\n           April 1, 2002 \xe2\x80\x93 September 30, 2002                                   throughout the country in attempting to bring to justice\n                                                                                individuals who have defrauded the FDIC. The pros-\n                                                                                ecutive skills and outstanding direction provided by\n Judicial Actions:                                                              Assistant United States Attorneys with whom we work\n   Indictments/Informations . . . . . . . . . . . . . . . . . . . .14           are critical to our success. The results we are report-\n                                                                                ing for the last 6 months reflect the efforts of U.S.\n   Convictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17    Attorney\xe2\x80\x99s Offices in the District of Massachusetts, the\n OIG Investigations Resulted in:                                                Southern District of New York, the Eastern District of\n                                                                                New York, the Southern District of Illinois, the\n   Fines of . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .$8,800   Southern District of Iowa, the Southern District of West\n                                                                                Virginia, the Eastern District of Tennessee, the\n   Restitution of . . . . . . . . . . . . . . . . . . . .$819,166,126\n                                                                                Northern District of Alabama, the Southern District of\n   Other Monetary Recoveries of . . . . . . . . . . . .$689,691                 Florida, the Western District of Oklahoma, the\n                                                                                Northern District of Texas, the Western District of\n   Total . . . . . . . . . . . . . . . . . . . . . . . . . . .$819,864,617      Texas, and the Central District of California.\n Cases Referred to the Department of\n                                                                                Support and cooperation among other law enforcement\n  Justice (U.S. Attorney) . . . . . . . . . . . . . . . . . . . . .11\n                                                                                agencies is also a key ingredient for success in the\n Referrals to FDIC Management . . . . . . . . . . . . . . . . .3                investigative community. We frequently \xe2\x80\x9cpartner\xe2\x80\x9d with\n                                                                                the Federal Bureau of Investigation (FBI), the Internal\n OIG Cases Conducted Jointly                                                    Revenue Service (IRS), Secret Service, and other law\n with Other Agencies . . . . . . . . . . . . . . . . . . . . . . . .50          enforcement agencies in conducting investigations of\n                                                                                joint interest.\n\nThe Office of Investigations (OI) is responsible for carry-                     Results\ning out the investigative mission of the OIG. Staffed                           Over the last 6 months, OI opened 23 new cases and\nwith agents in Washington, D.C., Atlanta, Dallas, and                           closed 12 cases, leaving 113 cases underway at the end\nChicago, OI conducts investigations of alleged criminal                         of the period. Our work during the period led to indict-\nor otherwise prohibited activities impacting the FDIC                           ments or criminal charges against 14 individuals and\nand its programs. As is the case with most OIG offices,                         convictions of 17 defendants. Criminal charges\nOI agents exercise full law enforcement powers as spe-                          remained pending against 15 individuals as of the end\ncial deputy marshals, under a blanket deputation agree-                         of the reporting period. Fines, restitutions, and recov-\nment with the Department of Justice. OI\xe2\x80\x99s main focus is                         eries stemming from our cases totaled almost\ninvestigating criminal activity that may harm or threaten                       $820 million. The following are highlights of some of\nto harm the operations or the integrity of the FDIC and                         the results from our investigative activity over the last\nits programs. In pursuing these cases, our goal, in part,                       6 months:\nis to bring a halt to the fraudulent conduct under investi-\n                                                                                Fraud Arising at or Impacting Financial\ngation, protect the FDIC and other victims from further                         Institutions\nharm, and assist the FDIC in recovery of its losses.                            Update on Prosecutions Resulting from\nAnother consideration in dedicating resources to these                          Investigation of the Failure of the First National\ncases is the need to pursue appropriate criminal penal-                         Bank of Keystone\nties not only to punish the offender but to deter others                        As has been the case in our last several reports, we are\nfrom participating in similar crimes.                                           again reporting results emanating from the investiga-\n\n\n\n                                                                                                                                33\n\x0ction involving the failure of the First National Bank of     \xe2\x80\xa2 made false entries in the records of the bank to con-\nKeystone (West Virginia). The investigation and prose-         ceal financial losses that the bank sustained from a\ncutions involving Keystone are being conducted by a            complicated loan securitization program that led to\nmulti-agency task force comprised of special agents of         the bank\xe2\x80\x99s insolvency,\nthe FDIC OIG, FBI, and IRS and prosecutors from the\nUnited States Attorney\xe2\x80\x99s Office for the Southern District    \xe2\x80\xa2 conspired with other uncharged former officials of\nof West Virginia and the U.S. Department of Justice.           the bank to launder the proceeds of the bank fraud\nThe FDIC Division of Resolutions and Receiverships             on at least 335 occasions totaling more than\nhas also provided valuable assistance in support of the        $27 million, and\ntask force investigations.\n                                                             \xe2\x80\xa2 engaged in two other money laundering transac-\nAn examination that was conducted by the Office of the         tions totaling approximately $10.7 million.\nComptroller of the Currency in 1999 uncovered infor-\nmation that ultimately resulted in the closure of the       At the time of her most recent sentencing, the defen-\nFirst National Bank of Keystone (Keystone) on               dant was already in prison serving sentences of 4 years\nSeptember 1, 1999. Based on the estimated losses to         and 9 months that she had received in July 2000 fol-\nthe insurance fund attributable to the Keystone failure,    lowing her conviction on charges of obstructing the\nit is one of the ten costliest bank failures since 1933.    examination of the bank that ultimately resulted in its\n                                                            closure and 22 years and 7 months that she had\nThe investigation initially targeted the attempts of the    received in March 2002 following her conviction on\nbank principals to obstruct the examination of the          charges of embezzlement, mail fraud, and conspiracy\nbank. Following the successful prosecution of several       relating to her involvement in the estate of the institu-\nof the bank officers on obstruction charges, the task       tion\xe2\x80\x99s former president. That sentencing also included\nforce turned its focus to the underlying fraud in the       an order that she pay $6,120,000 in restitution.\noperation of the bank that led to the bank\xe2\x80\x99s failure.\nDuring the current reporting period, the former senior      To date, four of the former officers of the bank have\nexecutive vice president and chief operating officer of     been convicted and sentenced for obstructing the\nKeystone was sentenced on May 29, 2002, in the U.S.         examination of the bank. Two of those same officers\nDistrict Court for the Southern District of West Virginia   along with three other officers have been convicted on\nto a total of 27 years and 3 months\xe2\x80\x99 incarceration to be    various other charges relating to illegal activity at the\nfollowed by 3 years\xe2\x80\x99 probation. The incarceration is to     bank, including bank fraud, money laundering, embez-\nbe served concurrently with her other sentences. She        zlement, mail fraud, insider trading, and filing false\nwas also ordered to make restitution in the amount of       income tax returns. Sentencings thus far have totaled\n$812,690,627.                                               over 88 years\xe2\x80\x99 confinement, over 32 years\xe2\x80\x99 probation,\n                                                            fines of $124,500, and over $1.3 billion in court-ordered\nThe defendant had previously entered a plea of guilty       restitution.\non March 4, 2002, to a criminal information charging\nher with bank fraud and conspiracy to commit money          The Keystone Task Force is also pursuing a related\nlaundering. Those charges were based on an investi-         investigation involving the theft of assets under control\ngation disclosing that she:                                 of the United States as a result of the failure of\n                                                            Keystone. On June 5, 2002, a former prison inmate\n \xe2\x80\xa2   diverted monies from the bank\xe2\x80\x99s general ledger         with the senior executive vice president and chief oper-\n     accounts to her accounts and those of others,          ating office of Keystone was indicted by a federal grand\n                                                            jury in the Southern District of West Virginia for violat-\n                                                            ing several federal statutes in connection with an\n\n\n\n\n34\n\x0c                                 alleged scheme to fraud-      Former Director and Former Vice President of\n                                 ulently obtain and resell     Hartford-Carlisle Savings Bank Sentenced, and\n                                 assets. As a part of the      Former President and Two Former Board Members\n                                 prosecution of the cases      Plead Guilty to Bank Fraud-Related Activities\n                                 against the former            Investigations involving the now-defunct Hartford-\n                                 Keystone bank officer, an     Carlisle Savings Bank (HCSB), Carlisle, Iowa, culmi-\n                                 injunction was obtained       nated in several successful prosecutions during this\n                                 by the government to          reporting period. HCSB was an FDIC-regulated insti-\n                                 protect the value of assets   tution that was closed on January 14, 2000, by the Iowa\n                                 that might be used to sat-    Division of Banking and was reopened the next day\n                                 isfy any judgment             under new ownership. State banking regulators ques-\n                                 obtained by the FDIC          tioned the validity of about $6 million in loans when\n                                 against her. The indict-      the bank was closed. The FDIC removed the president\n                                 ment alleges that, upon       a week before the bank was closed. At the time, the\n                                 her release from prison,      FDIC concluded that the president, who was also the\n                                 the woman participated        bank\xe2\x80\x99s largest shareholder, had probably engaged or\n                                 in a scheme to fraudu-        participated in acts, omissions, and practices that con-\n                                 lently obtain some of the     stituted \xe2\x80\x9cviolations of law and regulations, unsafe or\n                                 assets that had been          unsound banking practices, and breaches of his fiduci-\nfrozen by the injunction and resell them to individuals        ary duties to the bank.\xe2\x80\x9d The investigations that fol-\nin four states, collecting in excess of $170,000. As part      lowed the failure of the bank were conducted jointly by\nof the scheme, she is alleged to have falsified a docu-        the FDIC OIG and the FBI, and the corresponding\nment that contained a facsimile of the signature of a          prosecutions were handled by the U.S. Attorney\xe2\x80\x99s Office\nUnited States District Court Judge, which she used to          for the Southern District of Iowa.\nobtain possession of some of the property. Included\namong the assets she is alleged to have illegally              On April 12, 2002, a former director of HCSB and\nobtained were firearms, classic automobiles, Harley-           shareholder in the bank holding company of HCSB\nDavidson motorcycles, a pontoon boat, a ski boat, sport        was sentenced in U.S. District Court for the Southern\nutility vehicles, a tractor, and various other types of        District of Iowa to 3 years\xe2\x80\x99 probation and fined $3,000.\nvehicles and farm equipment. The Keystone Task                 The sentencing was based on his entry of a plea of\n                                                               guilty in January 2002 to a one-count information\n                                                               charging him with making false statements to HCSB.\n                                                               The false statements were made in a loan application\n                                                               he submitted to HCSB as president of an oil company\n                                                               wherein he stated that the specific purpose of the\n                                                               $500,000 loan was for \xe2\x80\x9cterm/equipment.\xe2\x80\x9d Upon receipt\n                                                               of the loan proceeds, he invested the money in the\n                                                               bank holding company of HCSB.\n\n                                                               On May 23, 2002, a former vice president and director\n                                                               of HCSB was sentenced in U.S. District Court for the\n                                                               Southern District of Iowa to 3 years\xe2\x80\x99 probation and\nForce is continuing to coordinate with the trustee and\n                                                               fined $500. The sentencing followed that defendant\xe2\x80\x99s\nwith the FDIC Division Resolutions and Receiverships\n                                                               plea of guilty in February 2002 to a one-count informa-\nin identifying and recovering the stolen assets.\n                                                               tion charging him with making a false statement to the\n\n\n\n\n                                                                                                               35\n\x0cFDIC. In his position as a vice president and director      The sentencings of the former president and his broth-\nof HCSB he submitted Consolidated Reports of                ers are scheduled to occur in 2003.\nCondition (Call Reports) to the FDIC. The information\nto which he pled guilty charged that he submitted a         Former Bank Official and Two Bank Customers of\nCall Report to the FDIC on behalf of HCSB covering          First State Bank, Harrah, Oklahoma, Sentenced for\nthe time period ending June 30, 1999, that failed to        Conspiring to Commit Bank Fraud\nidentify the existence of a $1 million loan made by the     On August 7, 2002, a former executive vice president of\nbank to the bank\xe2\x80\x99s former president.                        First State Bank, Harrah, Oklahoma, was sentenced in\n                                                            the United States District Court for the Western District\nOn September 4, 2002, the former president of HCSB          of Oklahoma to 5 years in prison, 180 days\xe2\x80\x99 home\nentered a guilty plea, in the Southern District of Iowa,    incarceration, and 208 hours of community service,\nto 8 counts of a 34-count indictment returned by a fed-     and was ordered to pay restitution of $3,529,500.\neral grand jury in November 2001 charging him and\nhis two brothers, both of whom were former board            As we previously reported, in February 2001 the for-\nmembers of HCSB, with various bank fraud-related            mer executive vice president and a customer of the\nactivities. The former president pled guilty to making      bank who was a cattle broker, each pled guilty to con-\nfalse entries in the records of HCSB in two instances by    spiracy to commit bank fraud for their participation in\noverstating the value of assets on financial statements     a scheme to defraud the bank by creating a series of 11\nsubmitted in connection with loan applications, and in      fraudulent nominee loans. From August through\ntwo other instances by misrepresenting the purpose of       December 1998, they recruited nominee borrowers and\nloans. He also pled guilty to 4 counts of making false      created fictitious nominee borrowers to obtain the\nstatements. Two of those instances involved the sub-        loans. A nominee borrower is a person or entity\nmission of Call Reports to the FDIC that failed to dis-     whose name is used for the purpose of obtaining a\nclose that HCSB had made loans to its executive offi-       bank loan when the proceeds are actually used for the\ncers. The third false statement involved his creating a     benefit of another. The former executive vice president\nfraudulent HCSB cashier\xe2\x80\x99s check and related deposit         used his position at First State Bank to prepare loan\nticket, which he provided to FDIC examiners purport-        documents, secure loan approvals, and disburse the\ning them to be true documents. In the fourth instance,      loan proceeds to the cattle broker\xe2\x80\x99s employer. The loan\nhe pled guilty to submitting a false financial statement    proceeds from this scheme totaled $1,703,500.\nto another FDIC-insured financial institution in con-\n                                                            On August 8, 2002, the cattle broker was sentenced to\nnection with an outstanding loan, by understating the\n                                                            14 months in prison to be followed by 3 years\xe2\x80\x99 super-\ntrue amount and value of his debts and liabilities.\n                                                            vised release and was ordered to pay restitution of\nAs a result of continuing plea negotiations with the U.S.   $1,703,500.\nAttorney\xe2\x80\x99s Office, on September 11, 2002, the former\n                                                            The same former executive vice president was also\npresident entered guilty pleas to seven additional\n                                                            involved with another customer of the First State Bank\ncounts of bank fraud. His brothers also entered guilty\n                                                            in a separate scheme to defraud the bank. In January\npleas on September 11, 2002 to bank fraud for making\n                                                            2002 that customer pled guilty to a one-count informa-\nor causing to be made false statements to the Federal\n                                                            tion charging him with conspiracy to commit bank\nReserve Bank in connection with an application to\n                                                            fraud. The information charged that from August\nacquire the stock of HCSB. The brothers also agreed to\n                                                            through December 1998 the customer conspired with\nmake restitution to the FDIC in the amount of their\n                                                            the former executive vice president and others in a\noutstanding loans to HCSB at the time of the bank fail-\n                                                            scheme to defraud the bank by creating two forged\nure, which is estimated to be over $200,000 for each.\n                                                            cashier\xe2\x80\x99s checks totaling $1,052,000. The checks listed\n                                                            the customer as the remitter, even though he had not\n                                                            expended any funds to purchase those checks.\n\n\n36\n\x0cOn August 6, 2002, that customer was sentenced to 5 years    employed. As a result of his beneficial interest in the\nin prison to be followed by 3 years of supervised release.   properties, he received a portion of the profits when\n                                                             the real estate was sold. His conviction on filing a false\nThe investigation leading to these actions was conduct-      income tax return was based on his failure to report\ned jointly by the FDIC OIG and the FBI, and the cases        the money he received from the above-described kick-\nwere prosecuted by the U.S. Attorney's Office,               back and bank fraud schemes.\nOklahoma City, Oklahoma.\n                                                             The investigation was conducted jointly by agents of\nFormer Bank Official Pleads Guilty and Is                    the FDIC OIG, FBI, and IRS Criminal Investigations\nSentenced for Bank Fraud, Income Tax Evasion,                Division, and the prosecution was handled by the\nand Receiving Kickbacks on Loans                             United States Attorney\xe2\x80\x99s Office for the Eastern District\nOn September 23, 2002, a former official at two banks in     of Tennessee. The FDIC OIG and the prosecutors also\nMorristown, Tennessee, was sentenced in U.S. District        coordinated with the FDIC Legal Division and the\nCourt for the Eastern District of Tennessee to serve         Division of Supervision and Consumer Protection\n15 months in prison to be followed by 3 years\xe2\x80\x99 probation.    regarding the order to be issued by the FDIC banning\nHe was also ordered to pay restitution of $47,563. As        the former bank official from banking.\npart of his plea agreement with the government, the\ndefendant also agreed to consent to an order to be           Bank Customer of Illinois Bank Is Sentenced for\nissued by the FDIC banning him from banking.                 Bank Fraud\n                                                             On September 30, 2002, the owner of a company that\nThe sentencing of the former bank official followed his      was a customer of Murphy Wall State Bank (MWSB),\nentry of a guilty plea in June to a three-count informa-     Pinckneyville, Illinois, was sentenced in the U.S.\ntion charging him with bank fraud, receiving kick-           District Court for the Southern District of Illinois to\nbacks on loans, and filing a false federal income tax        serve 3 years\xe2\x80\x99 probation and was fined $5,000. The\nreturn. According to the documents filed as part of the      sentencing followed his prior plea of guilty in March\nplea, the defendant worked for Hamblen County Bank           2001 to a one-count information charging him with\nbetween May 1994 and September 1999 as a vice presi-         bank fraud.\ndent, loan officer, and West End branch manager in\nMorristown, Tennessee. Between September 1999 and            As previously reported, this bank customer and the for-\nNovember 2000 he was a loan officer and then an              mer executive vice president of MWSB, were both\nassistant vice president and branch manager of               charged in 2000 in connection with a loan fraud\nCitizens Bank of Grainger County. While employed at          scheme. The former executive vice president pled\nthese two financial institutions, he received kickbacks      guilty to obstructing the examination of a financial\non three loans for the purchase of real estate for which     institution and was sentenced in November 2000 to\nthe loan amount exceeded the purchase price. He also         1 year\xe2\x80\x99s probation and was fined $2,000. Additionally,\nreceived kickbacks on numerous loans submitted by            he signed a Stipulation and Consent agreement with\nan auto sales dealership, the applications for which         the FDIC resulting in a corresponding order prohibit-\ncontained false and misleading information regarding         ing him from participating in the operations or affairs\nvehicle values, down payments, and the customers\xe2\x80\x99            of any federally insured depository institution.\nability to repay.\n                                                             The OIG is participating jointly with the FBI in several\nThe guilty plea to bank fraud was based on his failure       investigations involving MWSB that are being prose-\nto disclose his beneficial interest in a number of real      cuted by the U.S. Attorney\xe2\x80\x99s Office for the Southern\nestate transactions in which he was involved in secur-       District of Illinois. In addition to the prosecutions\ning purchase loans from the institutions where he was        described above, these cases have resulted thus far in\n\n\n\n\n                                                                                                              37\n\x0cthe conviction of another customer of MWSB on bank          band and wife owners of a construction company and\nfraud charges. That customer was sentenced in June          the company itself with bank fraud and conspiracy to\n2001 to 4 months in jail, to be followed by 4 months of     commit bank fraud.\nhome detention and 5 years\xe2\x80\x99 probation. He was also\nfined $200 and ordered to make restitution of $157,312      As alleged in the indictment, between December 1997\nto MWSB. Although the former president of MWSB              and July 2000 the couple used their company to submit\nwas indicted on charges of obstructing an examination       invoices for construction work purportedly performed\nof the bank, making a false statement to the FBI, mak-      for Community Bank, an FDIC-regulated bank located\ning false bank entries, and misapplying bank funds, he      in Blountsville, Alabama. According to the indictment,\nwas acquitted on those charges in June of this year.        some of the invoices were for work that was never per-\n                                                            formed and other invoices were for personal construc-\nFormer Officer Pleads Guilty to Misapplying Funds           tion work performed for the bank\xe2\x80\x99s chief executive offi-\nof the Institution for Savings of Newburyport,              cer, relatives of the chief executive officer, and the\nMassachusetts                                               bank\xe2\x80\x99s vice president of construction and maintenance.\nOn July 8, 2002, the U.S. District Court for the District   The indictment further alleges that the records of the\nof Massachusetts accepted a plea of guilty by a former      bank were falsified to reflect that the work was com-\nofficer of the Institution for Savings (IFS) of             pleted at the bank\xe2\x80\x99s facilities. In total, the defendants\nNewburyport, Massachusetts, to 59 counts of misapply-       are alleged to have received approximately $1,685,000\ning the funds. As described in our last semiannual          as a result of the fraud scheme.\nreport, the former officer was indicted in March 2002\nfor misapplying a total of approximately $162,000 of        The indictment includes a forfeiture claim seeking any\nfunds between February 1997 and March 2001 by nego-         property derived from the fraud scheme. Specifically\ntiating her personal checks at IFS and then removing        identified in the forfeiture count are the contents of a\nthem from the bundle of items that IFS was sending to       bank account of the company, a boat, 2 motorcycles,\nthe Federal Reserve Bank for processing. Later, when        11 vehicles, 2 tractors, 7 trailers, various construction\nthe missing amounts were reported back to IFS, she          equipment, and 6 pieces of real estate.\nwould make entries in the books and records of IFS to\n                                                            As we previously reported, in October 2001 agents\nconceal the missing funds.\n                                                            from the FDIC OIG and FBI seized over $70,000 in pro-\nAs a part of her plea agreement with the government,        ceeds and some unsold items including a semi-tractor\nthe defendant will also forfeit her home in Amesbury,       trailer and two motorcycles following an asset sale by\nMassachusetts, which was purchased, in part, with           the construction company. Subsequently, all of the\nsome of the funds that she embezzled.                       bank accounts of the company were frozen pursuant to\n                                                            a U.S. District Court order.\nThe investigation of this case is being conducted jointly\nby agents of the FDIC OIG and the FBI. Prosecution of       The investigation of suspected fraud involving\nthe case is being handled by the United States              Community Bank is being conducted by agents from\nAttorney\xe2\x80\x99s Office for the District of Massachusetts.        the FDIC OIG, FBI, and IRS.\n                                                            Management and Sale of FDIC-Owned Assets\nOwners of Construction Company Indicted for\n                                                            Former Employee of Contract Asset Management\nDefrauding Community Bank of Blountsville,\n                                                            Company Pleads Guilty to Theft of Government\nAlabama\n                                                            Funds\nOn June 11, 2002, an indictment was unsealed that had\n                                                            On September 12, 2002, a former employee of a compa-\nbeen returned on May 31, 2002, by a federal grand jury\n                                                            ny hired by the Resolution Trust Corporation to man-\nin the Northern District of Alabama charging the hus-\n                                                            age assets entered a plea of guilty in the U.S. District\n\n\n\n\n38\n\x0cCourt for the Western District of Texas to a one-count         This investigation was conducted jointly with the FBI,\ninformation charging him with theft of funds belonging         and the criminal prosecution is being pursued by the\nto the FDIC.                                                   U.S. Attorney\xe2\x80\x99s Office for the Western District of Texas.\n\nThe plea was the result of an investigation initiated by       Real Estate Speculator Ordered to Pay FDIC\nthe FDIC OIG based on a referral from the FDIC                 Restitution of $378,000\nDivision of Resolutions and Receiverships indicating           On September 30, 2002, a real estate speculator was\nthat the defendant may have been engaged in self-deal-         sentenced in the U.S. District Court for the Central\ning in the sale of at least one asset. The investigation       District of California to 37 months\xe2\x80\x99 incarceration to be\ndisclosed that the defendant used his position as an           followed by 36 months of probation. He was also\nasset specialist with the contractor to negotiate and sell     ordered to pay restitution of $912,000, of which\nFDIC assets to entities with whom he had undisclosed           $378,000 is to be paid to the FDIC.\nagreements to collect additional payments and fees. To\nhide his conflicting interests in the sale of assets, he       The OIG initiated an investigation based on informa-\narranged with his wife and one of his associates to            tion that was referred by the Division of Resolutions\nform two companies for the sole purpose of purchasing          and Receiverships indicating the defendant and an\nproperties from the portfolio of properties he was             accomplice may have defrauded the FDIC as part of a\nresponsible for managing for the Resolution Trust              transaction involving an FDIC-owned single family\nCorporation/FDIC. Properties sold to these companies           residence in Sunset Beach, California. The FDIC had\nwere re-sold shortly thereafter for a higher amount.           assumed ownership of the property following the clo-\nThe defendant also collected additional fees and pay-          sure of Mechanics National Bank.\nments during the sale of the assets.\n                                                               The investigation confirmed that the FDIC had been\nThrough his self-dealings, the defendant received              defrauded. However, during the course of the investi-\napproximately $700,000 in kickbacks and caused the             gation it was discovered that the defendant was also\nFDIC and the asset management company losses of                under investigation by the FBI for similar fraud\napproximately $1.2 million. In her capacity as the des-        schemes involving two other properties and that he\nignated owner of one of the companies, the defendant\xe2\x80\x99s         had already been indicted on an older, unrelated FBI\nwife has settled a civil suit filed against her by the asset   case involving loan fraud. He pled guilty and was sen-\nmanagement company for $541,000, which represents              tenced to probation in December 1998 on the loan\nthe financial gain realized by that company as a result        fraud case. In pursuing prosecution of the more recent\nof the self-dealings. The asset management company,            illegal activities, the Assistant United States Attorney\nin turn, remitted these settlement funds to the FDIC.          who handled the case chose to charge him based on\nThe asset management company has also received an              his conduct involving the non-FDIC properties but to\n\xe2\x80\x9cArbitration Award\xe2\x80\x9d against the defendant for                  use the information pertaining to the FDIC property as\n                                                               relevant conduct during sentencing. Accordingly,\n \xe2\x80\xa2 actual damages of $631,256.60,                              when the defendant was sentenced as described above\n                                                               in connection with his prior guilty plea to wire fraud\n \xe2\x80\xa2 punitive damages of $150,000,                               and money laundering, the restitution he was ordered\n                                                               to pay included $378,000 to be paid to the FDIC.\n \xe2\x80\xa2 arbitration cost/expenses of $12,900,\n                                                               FDIC Property Management Contractor Agrees to\n \xe2\x80\xa2 prejudgment interest on actual damages of\n                                                               Pay FDIC $38,000\n   $111,121.83, and\n                                                               On September 10, 2002, an FDIC property manage-\n \xe2\x80\xa2 post-judgment interest of 10 percent per annum on           ment contractor signed a settlement agreement with\n   the entire award.                                           the FDIC and the United States Attorney\xe2\x80\x99s Office for the\n\n\n\n                                                                                                                39\n\x0cEastern District of New York which stipulates that the    As alleged in the indictment, beginning in March 1990,\ncompany will pay the FDIC $38,000. In return, the         the defendants entered into a series of loan agreements,\nU.S. Attorney\xe2\x80\x99s Office and the FDIC agreed not to         guarantees, and promissory notes on behalf of their\npursue potential prosecution or administrative action     company with First New York. In 1992, they acknowl-\nrelated to the company profiting from the sale of an      edged they had defaulted on the loans and entered into\nFDIC property.                                            repayment agreements with First New York in which,\n                                                          among other things, they agreed to repay the loans by\nAn OIG investigation was initiated based on informa-      granting First New York the right to clear all payments\ntion received by the OIG Hotline alleging that the com-   made by company\xe2\x80\x99s customers. The defendants also\npany improperly profited from the sale of a property it   agreed to direct all present and future customers to\nmanaged for the                                           make their payments directly to First New York.\nFDIC. The investi-\ngation determined                                         However, unbeknownst to First New York, between\nthat a principal of                                       July 1992 and August 1995 the defendants deposited\nthe company pro-                                          accounts receivable payments owed to First New York\nvided financing to                                        pursuant to the agreements into an account they had\nthe purchaser of a                                        set up at another bank. The indictment also alleges\nproperty he was                                           that, in furtherance of their scheme, they formed a\nmanaging for the                                          series of shell companies, which they used to falsely\nFDIC. Additionally,                                       hide business activities between the company and its\nthe investigation                                         customers, thereby circumventing the repayment\ndetermined that                                           agreements with First New York.\nwhen the original\npurchaser resold the property, the same company prin-     The OIG initiated this investigation based on a referral\ncipal received not only his original investment, but an   from the FDIC Legal Division, which became aware of\nagreed-upon profit.                                       questionable transfers during the discovery phase of\n                                                          civil litigation with the company over its debt.\nBased on the results of the investigation, the U.S.\nAttorney\xe2\x80\x99s Office and the FDIC negotiated a settlement    Former Contract Auctioneer Pleads Guilty and Is\nwith the company whereby the company will repay the       Sentenced for Credit Card Fraud\nFDIC the $28,000 profit it received on the transaction    On April 18, 2002, a former contract auctioneer for the\nplus $10,000 towards the cost of the OIG investigation.   Resolution Trust Corporation pled guilty in the U.S.\n                                                          District Court for the Southern District of Florida to\nRestitution and Other Debt Owed the FDIC                  credit card fraud in excess of $200,000. The plea was\nOwners of Company that Owed Over $3 Million to            entered pursuant to an agreement with the United\nthe Former First New York Bank for Business               States, which also provided that a second charge pend-\nIndicted for Conspiracy and Bank Fraud                    ing against him for concealing assets to avoid paying\nOn June 20, 2002, the two owners of a company that        restitution to the FDIC would be withdrawn. However,\nborrowed over $3 million from the now-defunct First       he acknowledged in the plea agreement that he still\nNew York Bank for Business (First New York) were          owes approximately $77,000 in restitution in connec-\nindicted by a federal grand jury in the Southern          tion with the credit card fraud and that he owes the\nDistrict of New York on charges of defrauding and con-    FDIC restitution of $118,130 less payments already\nspiring to defraud the bank. The FDIC was appointed       made. On June 11, 2002, he was sentenced in the U.S.\nto act as the receiver for First New York following its   District Court for the Southern District of Florida to\nclosure by the State of New York Banking Department       18 months in jail, 3 years\xe2\x80\x99 probation, and ordered to\nin November 1992.                                         pay $76,985.51 in restitution.\n\n\n\n40\n\x0cThe defendant and his company were the subjects of a       ly insured as promised. More than $1.3 million in pro-\nprior OIG investigation that resulted in his prosecution   ceeds from the sale of CDs was commingled in a single\nfor embezzling funds from the FDIC while serving as a      bank account in Dallas, which the principals of the\ncontract auctioneer. In April 2000 he was sentenced in     scheme intended to use to make high-risk investments\nthat case to serve 5 months of confinement, 150 days of    that were not FDIC-insured. The accomplice who was\nhome detention, and 1 year of probation and to pay a       sentenced as described above was the intended recipient\nfine of $75,000. Also as part of the sentencing, he and    of the $1.3 million generated as a result of this scheme.\nhis company were ordered to pay restitution jointly\nand severally of $118,130 to the FDIC.                     As we previously reported, the insurance agency\n                                                           owner was also prosecuted for his part in the scheme.\nFollowing a joint investigation by agents of the OIG       Following his guilty plea to one count of securities\nand the U.S. Secret Service, the former contract auc-      fraud, in January 2001 he was sentenced to 14 months\xe2\x80\x99\ntioneer was indicted in August 2001 for concealing         imprisonment and 3 years\xe2\x80\x99 probation. Additionally,\nassets to avoid paying the restitution to the FDIC and     over $1.3 million generated from the sale of the CDs\nfor credit card fraud. With respect to the concealment     was seized by the government and subsequently\ncharge, the indictment alleged that he transferred his     returned to the victims.\ninterest in his home via quit claim deed to his wife\nwithin days after learning of an imminent potential        Securities Dealer Charged and Arrested for Theft\nindictment against him in the embezzlement case. The       and the Selling of Unregistered Securities Totaling\nhome was sold in May 2000 for a net profit of $663,396.    $67,390,735\n                                                           Based on an investigation that the FDIC OIG is con-\nMisrepresentations Regarding FDIC Insurance or             ducting jointly with the Riverside County (California)\nAffiliation                                                District Attorney\xe2\x80\x99s Office, a 67-count complaint has\nAccomplice Sentenced for Participation in Fraud            been filed charging a securities dealer in California\nScheme Involving Uninsured Certificates of Deposit         with selling unregistered securities (CDs), making\nOn April 18, 2002, an accomplice in a fraud scheme         false statements in the sale of the securities, and theft.\ninvolving the sale of certificates of deposit (CDs) was    He is also charged with participating in a pattern of\nsentenced in the U.S. District Court for the Western       felony conduct involving the taking of more than\nDistrict of North Carolina to 41 months\xe2\x80\x99 imprisonment      $500,000.\nand 2 years\xe2\x80\x99 probation. He was also ordered to pay\nrestitution totaling $190,662.83. The sentencing fol-      The securities dealer was licensed to sell securities\nlowed his prior plea of guilty in August 2000 to one       through San Clemente Services, Inc., another company\ncount of money laundering.                                 involved in the sale of brokered CDs. However, as\n                                                           reflected in the charges against him, he is accused of\nThe defendant was prosecuted for his part in a scheme      defrauding investors through material misrepresenta-\ninvolving the sale of CDs that were falsely represented    tions regarding FDIC insurance coverage, investment\nto have been issued by the Bank of America and FDIC-       yields, fees, and commissions in the sale of approxi-\ninsured up to $100,000, as well as privately insured.      mately 1,241 CDs totaling $67,390,735.\nThe scheme was initiated by the principal owner/man-\nager of an insurance agency located in Oklahoma City,      This OIG investigation was initiated based on a referral\nOklahoma, who, aided and abetted by others, con-           by the Division of Supervision and Consumer\nvinced mostly elderly individuals to purchase the CDs      Protection of information obtained during the examina-\nthrough advertisements offering high rates of return.      tion of a bank indicating irregularities in deposits the\nIn fact, however, the CDs were issued by an entity         bank had placed with San Clemente Services. The\nestablished for the purpose of collecting money from       prosecution of the case is being handled by the\nthe unwary investors. Accordingly, the CDs were not        Riverside County District Attorney\xe2\x80\x99s Office.\nseparately insured by the FDIC, nor were they private-\n\n\n                                                                                                             41\n\x0cEmployee Activities                                         The OIG initiated an investigation based on a referral\nFormer Examiner Pleads Guilty and Is Sentenced              from the Division of Information Resources\nfor Illegal Conversion of FDIC Funds                        Management indicating that six activated cellular tele-\nOn June 12, 2002, a former FDIC examiner with the           phones had been stolen from the FDIC offices in Dallas\nDivision of Supervision was sentenced in the U.S.           between August 2000 and April 2001. The defendant\nDistrict Court for the Western District of Texas to         was identified as the suspect through investigative\n5 years\xe2\x80\x99 probation, 100 hours of community service,         efforts, which included analysis of telephone calling\nand ordered to pay restitution of $14,789.01. The sen-      patterns. He had worked as a security guard at the\ntencing followed the former examiner\xe2\x80\x99s guilty plea in       FDIC facility from August 2000 until April 2001, when\nApril of this year to an information charging her with      he was terminated for unrelated conduct. An interview\nillegally converting public property (FDIC funds) to        of the suspect in May 2001 resulted in the recovery of\nher own use. The OIG initiated an investigation of          two of the cellular telephones.\nthe former examiner based on a referral by the\n                                                            Other\nthen-Division of Supervision indicating the employee\n                                                            Man Who Posed as \xe2\x80\x9cFDIC Inspector\xe2\x80\x9d Pleads Guilty\nmay have submitted false claims to the FDIC for\n                                                            to Fraudulently Using Bank Routing and Account\nreimbursement of relocation-related expenses. The\n                                                            Numbers\nexaminer terminated her employment with the FDIC\n                                                            Pursuant to a plea agreement with the United States\nin May 2000. Based on an affidavit by the OIG case\n                                                            Attorney\xe2\x80\x99s Office, on September 20, 2002, a man who\nagent which set forth facts obtained during the investi-\n                                                            had posed as an \xe2\x80\x9cinspector\xe2\x80\x9d with the FDIC pled guilty in\ngation, a warrant was issued for her arrest, and on\n                                                            the U.S. District Court for the Northern District of Texas\nMarch 1, 2002, special agents of the OIG arrested her\n                                                            to one count of fraudulent use of an access device.\nat her home. As described in the affidavit, between\nFebruary and May 1998 she submitted vouchers for            This OIG investigation was initiated based upon a\nrelocation-related expenses totaling $32,978. The           referral from a case manager in the then-Division of\nvouchers included claims for temporary quarters             Supervision who reported that he had received two\nsupported by hotel receipts that had been manufac-          phone calls from businesses located at Preston Forest\ntured by the employee.                                      Village shopping center. Both callers said that a man\n                                                            representing himself as an \xe2\x80\x9cinspector\xe2\x80\x9d with the FDIC\n                                                            had asked to look at their credit card machines and\n                                                            merchant account statements. Investigation identified\n                                                            the defendant as the responsible party. At the time he\n                                                            was employed by a company that is in the business of\n                                                            selling credit card processing services and payment\n                                                            systems to small businesses. Upon learning of his mis-\n                                                            representing himself as an FDIC inspector, the compa-\n                                                            ny terminated his employment.\nFormer Security Guard at FDIC Facility in Dallas Is\nSentenced for Theft of FDIC Cellular Telephones             Further OIG investigation of his related activities dis-\nOn August 23, 2002, a former security guard at an           closed that the defendant had been employed as a col-\nFDIC facility in Dallas was sentenced in the District       lection representative by The Associates National Bank,\nCourt for Dallas County, Texas, to pay a fine of $300,      Irving, Texas, and, as such, had access to the bank\ncourt costs of $280.25, and $500 restitution to the FDIC.   routing and account numbers of the bank\xe2\x80\x99s credit card\nHe was also placed on probation for 1 year.                 clients. In February 2001 he opened an account at\n                                                            Chase Manhattan Bank, Irving, Texas. He then falsely\n                                                            made 10 checks totaling approximately $7,062 using\n\n\n\n42\n\x0cthe bank account numbers of clients of The Associates\n\n\n\n\n                                                             \xe2\x98\x85\nNational Bank and deposited the checks into his\naccount at Chase Manhattan Bank.\n\nWitness Is Charged and Pleads Guilty to Theft of\nGovernment Funds\nOn July 18, 2002, a witness who had been interviewed\nas a part of an OIG investigation into alleged conceal-\nment of assets pled guilty in the U.S. District Court for\nthe District of Massachusetts to theft of government\n\n\n\n\n \xe2\x98\x85\nfunds. The witness had been previously indicted in\nJune 2002 for receiving approximately $45,000 in Social\nSecurity disability benefits to which he was not entitled.\n\nThe witness was contacted as a part of an OIG investi-\ngation because of his affiliation with a suspect who\nwas allegedly concealing assets to avoid paying\n$5 million in restitution that he owed the FDIC as a\nresult of his conviction on bank fraud charges in 1991.\nBecause of apparent false information that the witness\nprovided in an affidavit, additional investigation was\nconducted which disclosed that he had been continu-\ning to receive Social Security disability benefits to\nwhich he was not entitled.\n\n\n\n\n\xe2\x98\x85                                                                43\n\x0c         Four OIG Special Agents Receive Attorney General\xe2\x80\x99s\n                  Award for Distinguished Service\n                                                     Assistant Special Agent in Charge Phil\n                                                     Robertson, and Special Agents Gary Sherrill,\n                                                     Bart Henkle, and Todd Price were among the\n                                                     11 team members who received the Attorney\n                                                     General's Award for Distinguished Service\n                                                     for their exemplary work in the investiga-\n                                                     tions and prosecutions relating to the failure\n                                                     of the First National Bank of Keystone (West\n                                                     Virginia). Attorney General John Ashcroft\n                                                     personally presented the award to the team\n                                                     members during the Attorney General's 50th\n                                                     Annual Awards Ceremony, which was held\n               The Attorney General\xe2\x80\x99s\n           50th Annual Awards Ceremony               on July 17, 2002, at Constitution Hall in\n                                                     Washington, D.C.\n\n     The basis for the award to the Keystone team was summarized as follows in the ceremony\n     program:\n\n      \xe2\x80\x9cThe team is recognized for their exemplary role in the investigation and prosecu-\n      tion of former bank executives in Keystone, West Virginia. They demonstrated out-\n      standing dedication, teamwork, and skill in investigating and prosecuting those\n      responsible for one of the largest single bank failures in recent history, a failure\n      which cost the Federal Deposit Insurance Corporation insurance fund over $800 mil-\n      lion. Their noteworthy efforts, which resulted in the conviction of seven defendants\n      and included two trials and a series of guilty pleas in a very complex investigation,\n      serve as a model for cooperation and partnership.\xe2\x80\x9d\n\n     The Distinguished Service award is the second highest award given by the Attorney General.\n     Only three other teams and one individual received the award this year. Among the other\n     recipients in this category were awards for the investigative team responsible for the success-\n     ful prosecution of Ahmed Ressam, a member of the Osama bin Laden terrorist organization\n     who was arrested transporting explosives in an attempt to destroy the Los Angeles\n     International Airport during the 2000 millennium celebration. Another was presented to the\n     investigative team responsible for the investigation and prosecution of those responsible in\n     the bombings of our embassies in Nairobi, Kenya, and Dar Es Sallam, Tanzania, in August 1998.\n\n\n\n\n44\n\x0c                                                                                      \xe2\x98\x85\n                                                                                                              \xe2\x98\x85\xe2\x98\x85\n OIG Organization\nLike the Corporation, the OIG has been engaged in a        around five operational directorates: Resolution,\nmajor downsizing effort, which has resulted in signifi-    Receivership, and Legal Affairs; Insurance,\ncant reorganization. Through participation in the          Supervision, and Consumer Affairs; Information\nCorporation\xe2\x80\x99s early retirement and buyout program          Assurance; and Resources Management. A fifth direc-\nand other attrition, by March 2003, 54 employees will      torate, Corporate Evaluations, performs corporate-wide\nhave separated from the OIG, or 25 percent of our April    and other evaluations, which are integrated into each\n2002 staff level. The OIG also closed its San Francisco    of the other primary Directorates. We issued our Fiscal\nfield office during the reporting period. The OIG plans    Year 2003 Assignment Plan, which identifies audits and\nto have a permanent staff level of 168 in 2003, com-       evaluations based on our understanding of the prioriti-\npared with the 215 staff authorized for 2002. As a         zation of key risks to the FDIC. The projects included\nresult, our 2003 corporate budget is 12 percent less       in the plan are specifically designed to help the FDIC\nthan our 2002 budget. The downsizing has presented         successfully address risks, meet its many challenges,\nus with new challenges that parallel the Corporation\xe2\x80\x99s     and accomplish its strategic goals.\nchallenges\xe2\x80\x94both operational and human capital-relat-\ned. The separation of so many employees has resulted\nin a loss of hundreds of years of knowledge and expert-             OIG Internal IT Security\nise. In light of such dramatic changes, the OIG is com-                    Program\nmitted to evaluating its workload and analyzing exist-\ning knowledge and skills to determine what gaps exist,        The OIG continued development of an Information\nhow to best fill those gaps, whether any \xe2\x80\x9csurplus\xe2\x80\x9d staff      Security Program for the OIG\xe2\x80\x99s automated informa-\nexist and, if so, how they can best be re-deployed.           tion and systems. The program is part of a wider\n                                                              information security program being implemented\nThe new organization, though smaller, is more closely         throughout the FDIC. The efforts internal to the OIG\naligned with key FDIC mission areas. We are also              have thus far included designating an information\nmaking strategic changes that align our planning              security manager, appointing an advisory commit-\nprocess more closely with our budget process and with         tee with representatives from each OIG organization\nreporting requirements of the Inspector General Act.          component, publishing \xe2\x80\x9ce-security tips\xe2\x80\x9d for OIG\nWe continue to work to improve the quality of our             staff, and drafting new policies for further consider-\ngoals, objectives, and performance measures. The              ation. In the future, this program will also address\nplans that drive our work will reflect the OIG\xe2\x80\x99s transi-\n                                                              areas such as data access control, hardware con-\ntion from a calendar year performance planning and\n                                                              trol, virus protection, disaster recovery, contingency\nreporting cycle to a fiscal year cycle ending\n                                                              planning, business continuity, data storage manage-\nSeptember 30. This will be consistent with the OIG\xe2\x80\x99s\n                                                              ment, and application security management. The\nseparate appropriation based on a typical government\n                                                              OIG is also working with Corporation staff to pro-\nfiscal year and will also be consistent with the semian-\n                                                              pose measures to enhance corporate-wide informa-\nnual reporting periods prescribed by the Inspector\n                                                              tion technology security.\nGeneral Act. Further, we have identified four strategic\ngoals to reflect the OIG\xe2\x80\x99s future priorities: (1) Value\nand Impact, (2) Communication and Outreach,\n(3) Human Capital, and (4) Productivity.\n\nThe Office of Audits (OA) was most impacted by the\nOIG\xe2\x80\x99s downsizing initiative. To meet the needs of the\nCorporation and to better ensure that our work adds\nvalue, OA has undergone a major reorganization\n\n\n\n\n                                                                                                             45\n\x0c                                                           \xe2\x98\x85\nOur Office of Investigations (OI) has also realigned its\nstaff and field operations in response to the OIG\xe2\x80\x99s\ndownsizing effort. OI operates two regional offices:\nthe East Region, based in Atlanta, has agents in Atlanta\nand Washington, D.C., and the West Region, based in\nDallas, has agents in Dallas and Chicago. In addition\nto regional operations, OI maintains a Special\nInvestigations and Electronic Crimes Team based in\nWashington, D.C. Members of this team are assigned\nto particularly sensitive investigations and, where\nneeded, provide support to major investigations under-\n\n\n\n\n                                                           \xe2\x98\x85\nway in the regions. This team also specializes in con-\nducting investigations of computer crimes and in sup-\nporting OI in cases requiring seizure and analysis of\ncomputer evidence. Other OIG offices have adapted to\nchanging workloads and/or combined functions in\nseeking to improve overall process efficiencies.\n\nWhile restructuring to a smaller workforce, the OIG\ncontinues to look to increasing the value of our people\nand the performance capacity of the OIG. During this\nreporting period the OIG issued a Human Capital\nStrategic Plan, which will align and integrate our\nhuman resource policies and practices with the OIG\n\n\n\n\n                     \xe2\x98\x85\nmission. As referenced earlier, the alignment of our\nhuman resources with our mission is a new strategic\ngoal in the OIG\xe2\x80\x99s revised Strategic Plan. It comple-\nments the other strategic goals of the Strategic Plan by\nseeking to align and integrate human resource policies\nand practices with our business practices. The Human\nCapital Strategic Plan outlines four objectives to maxi-\nmize the return on our human capital investments and\nsustain a high-performance organization. The objec-\ntives relate to workforce analysis; competency invest-\nments; leadership development; and a result-oriented,\nhigh-performance culture.\n\n\n\n\n46\n\x0c\xe2\x98\x85                                  Internal OIG Activities\n    \xe2\x80\xa2 Issued Office of Audits\xe2\x80\x99 FY 2003 Assignment Plan.\n\n    \xe2\x80\xa2 Issued OIG Human Capital Strategic Plan.\n                                                               America representatives at various briefings during\n                                                               the reporting period. Topics include the role, work,\n                                                               and priorities of the FDIC OIG.\n                                                                                                                           \xe2\x98\x85\n    \xe2\x80\xa2 Submitted 2003 corporate budget to the FDIC\xe2\x80\x99s          \xe2\x80\xa2 Completed a joint evaluation of the Federal\n      Chief Financial Officer. As a result of OIG downsiz-     Financial Institutions Examination Council, per-\n      ing, our 2003 budget is 12 percent less than our         formed jointly with the OIGs of the Department of\n      2002 corporate budget.                                   the Treasury and the Board of Governors of the\n                                                               Federal Reserve System. The evaluation conclud-\n    \xe2\x80\xa2 Attended and spoke at various conferences\n                                                               ed that the Federal Financial Institutions\n      regarding information technology and Government\n                                                               Examination Council is accomplishing its legisla-\n      Information Security Reform Act (GISRA) issues\n                                                               tive mission of prescribing uniform principles,\n      based on our recent GISRA work, including spon-\n                                                               standards, and report forms and achieving coordi-\n      soring an update conference with the U.S. General\n                                                               nation between the banking agencies.\n      Accounting Office (GAO), Office of Management\n      and Budget, and 11 federal departments and 34          \xe2\x80\xa2 Continued participation in inter-agency Government\n      independent agencies regarding the implementa-           Performance and Results Act (Results Act) Interest\n      tion of GISRA.                                           Groups sponsored by the President\xe2\x80\x99s Council on\n                                                               Integrity and Efficiency and the U.S. Office of\n    \xe2\x80\xa2 Attended various professional conferences includ-\n                                                               Personnel Management to share ideas and best\n      ing: Institute of Internal Auditors\xe2\x80\x99 International\n                                                               practices on the Results Act implementation.\n      Conference; Association of Government\n      Accountants\xe2\x80\x99 Professional Development                  \xe2\x80\xa2 Participated in a panel discussion at the\n      Conference; Federal Audit Executive Council\xe2\x80\x99s            FDIC/Department of Justice Federal Strategies\n      Annual Conference; FDIC\xe2\x80\x99s Corporate Security             Against Fraud Conference relating to the OIG\xe2\x80\x99s\n      Conference; and National Academy of Public               investigation of the Keystone National Bank fail-\n      Administration\xe2\x80\x99s Performance Conference.                 ure. The OIG provided an overview of the obstruc-\n                                                               tion and fraud investigation stemming from\n    \xe2\x80\xa2 Hosted meeting of GAO-sponsored Joint\n                                                               Keystone\xe2\x80\x99s failure, as well as a discussion of the\n      Information Security Audit Initiative to develop\n                                                               \xe2\x80\x9cred flags\xe2\x80\x9d or fraud indicators discovered during\n      strategies for addressing information security\n                                                               the course of this and other investigations.\n      risks to the government.\n                                                             \xe2\x80\xa2 Four OIG Special Agents received the Attorney\n    \xe2\x80\xa2 Briefed representatives of the President\xe2\x80\x99s Critical\n                                                               General\xe2\x80\x99s Award for Distinguished Service for their\n      Infrastructure Board on recent and planned audit\n                                                               exemplary work in the investigations and prosecu-\n      and evaluation coverage of physical and informa-\n                                                               tions relating to the failure of the First National\n      tion security issues.\n                                                               Bank of Keystone in West Virginia. (See write-up\n    \xe2\x80\xa2 Further strengthened the OIG\xe2\x80\x99s internal                  in Investigations section of this report.)\n      Information Technology Security Program through\n                                                             \xe2\x80\xa2 Patricia Black became Deputy Inspector General\n      a number of new initiatives. (See highlighted\n                                                               for the OIG. For the past 5 years Ms. Black has\n      write-up in this section.)\n                                                               served as Counsel to the Inspector General and\n    \xe2\x80\xa2 Spoke on information security issues at a meeting        was Counsel to the Resolution Trust Corporation\n      of the Computer System Security and Privacy              (RTC) Inspector General from the RTC\xe2\x80\x99s inception\n      Advisory Board, providing an audit perspective on        in 1989 until the RTC merged with the FDIC.\n      baseline information security risks, the statutory\n                                                             \xe2\x80\xa2 Led a PCIE committee to update OIG quality stan-\n      framework related to information security, pro-\n                                                               dards.\n      gram and systems security standards, and matri-\n      ces that are useful for assessing both information     \xe2\x80\xa2 Reviewed and provided comments on the expo-\n      systems and information security programs.               sure draft of GAO\xe2\x80\x99s revised Government Auditing\n                                                               Standards.\n    \xe2\x80\xa2 Inspector General makes presentations to America's\n      Community Bankers, Conference of State Bank            \xe2\x80\xa2 Presented results of OIG audits and evaluations at\n      Supervisors, and Independent Community Bankers of        three Audit Committee meetings.\n\n\n\n                                                                                                                      47\n\x0c\xe2\x98\x85    \xe2\x98\x85\n                        Assistance to FDIC Management\n     \xe2\x80\xa2 Participated in National Conference for Field Office   \xe2\x80\xa2 Attended various meetings with FDIC Division\n       Supervisors regarding the progress of Process            Directors and Division of Supervision and\n       Redesign Phase II.                                       Consumer Protection (DSC) Field Office\n                                                                Supervisors to continue outreach initiatives by\n     \xe2\x80\xa2 Participated in the FDIC\xe2\x80\x99s development and imple-        discussing ongoing and planned audits and evalu-\n       mentation of the Office of Management and                ations, risk areas, and other issues of mutual\n       Budget\xe2\x80\x99s Information Quality Guidelines.                 interest. The meetings are intended to communi-\n                                                                cate and coordinate OIG work throughout the\n     \xe2\x80\xa2 Briefed the Chairman and FDIC Operating\n                                                                Corporation.\n       Committee on the OIG\xe2\x80\x99s Fourth Annual OIG Client\n       Survey.                                                \xe2\x80\xa2 Met with Memphis and Atlanta DSC management\n                                                                officials to discuss our Office of Investigations\xe2\x80\x99\n     \xe2\x80\xa2 Commented on the FDIC\xe2\x80\x99s 2001 Annual\n                                                                involvement in open bank investigations, handling\n       Performance Report. (See Establishing Goals and\n                                                                of Right to Financial Privacy Act issues concern-\n       Measuring Results write-up.)\n                                                                ing DSC examiners and OIG investigations, and\n     \xe2\x80\xa2 Completed an annual review of the Corporation\xe2\x80\x99s          bank examiner awareness of situations involving\n       Internal Control and Risk Management Program,            possible obstruction of FDIC bank examinations.\n       concluding that the program was conducted in             Also discussed issues related to open and closed\n       accordance with FDIC policy and was consistent           bank investigations being conducted in DSC\xe2\x80\x99s\n       with provisions of the Federal Managers\xe2\x80\x99 Financial       Atlanta and Memphis regions and the Office of\n       Integrity Act.                                           Investigation\xe2\x80\x99s new organizational structure.\n                                                                These issues were also discussed by the Office of\n     \xe2\x80\xa2 Provided technical assistance in a joint project         Investigations at a Division of\n       with the Office of Internal Control Management           Supervision/Division of Compliance and\n       and the Division of Administration to determine          Consumer Affairs training conference.\n       whether FDIC policies ensure that accounting and\n       auditing contractors comply with GAO\xe2\x80\x99s new inde-       \xe2\x80\xa2 Inspector General and Director, OICM, make a joint\n       pendence standards. (See Establishing Goals and          presentation to Association of Government\n       Measuring Results write-up.)                             Accountants\xe2\x80\x99 professional development confer-\n                                                                ence on the roles and responsibilities of the FDIC\n                                                                Audit Committee.\n\n\n\n\n48\n                                                                                      \xe2\x98\x85 \xe2\x98\x85\n\x0c        FDIC Inspector General\n                                     \xe2\x98\x85\n     Involvement in IG Community\n    Over the last 6 months, the Inspector General (IG)\n    community has been very active in helping the govern-\n    ment achieve better results. As a whole, the community\n    has remained focused on various management initiatives\n    as well as issuing reports and responding to congres-\n    sional requests for information. The FDIC Inspector\n    General, who has served as the Vice Chair of the\n    President\xe2\x80\x99s Council on Integrity and Efficiency (PCIE)\n    since April 1999, has provided the leadership for the\n    community\xe2\x80\x99s efforts.\n\n    Over the last few months, the IG community has been\n\n\n\n\n\xe2\x98\x85\n    concentrating many of its activities on areas that would\n    facilitate agency efforts related to the President\xe2\x80\x99s\n    Management Agenda. For example, in the financial man-\n    agement arena, the IG community has worked on erro-\n    neous payments and accelerated reporting issues, and\n    produced a guide to review government purchase card\n    activity. In the areas of government performance, infor-\n    mation technology, and human capital, PCIE committees\n    and working groups continue to sponsor meetings and\n    forums to share expert experiences and best practices.\n\n    To enhance the IG community\xe2\x80\x99s ability to continue fulfill-\n    ing its mission, the PCIE co-hosted its annual conference\n    to highlight challenges facing the community and explore\n    ways to address them. During the 2-day conference, IGs\n    heard perspectives from members of the Administration\n    and agency officials, congressmen and congressional\n    staff, and the media on a cross-section of issues the IG\n    community faces internally as well as when working\n    with their agency heads.\n\n    Finally, the PCIE issued several documents over the last\n\n\n\n\n\xe2\x98\x85\n    6 months that contributed to good government. These\n    documents addressed our nation\xe2\x80\x99s critical infrastructure\n    protection, critical security, and government-wide man-\n    agement challenges. Several of these documents were\n    requested by congressional oversight committees to\n    augment their oversight abilities.\n\n\n\n\n                                                                 49\n\x0c                                    Table 1: Significant OIG Achievements\n                                        (April 2002 \xe2\x80\x93 September 2002)\n\n                              Audit and Evaluation Reports Issued                       22\n                              Questioned Costs and Funds Put to Better Use    $2.1 million\n                              Investigations Opened                                     23\n                              Investigations Closed                                     12\n                              OIG Subpoenas Issued                                      14\n                              Convictions                                               17\n                              Fines, Restitutions, and Monetary Recoveries    $820 million\n                              Hotline Allegations Referred                              15\n                              Allegations Closed                                        15\n                              Allegations Substantiated                                  1\n                              Proposed Regulations and Legislation Reviewed              1\n                              Proposed FDIC Policies Reviewed                           22\n                              Responses to Requests and Appeals under the\n                                Freedom of Information and Privacy Acts                13\n\n\n\n\n      Table 2: Nonmonetary Recommendations\n\n     April 2000 \xe2\x80\x93 September 2000                       74\n     October 2000 \xe2\x80\x93 March 2001                         90\n     April 2001 \xe2\x80\x93 September 2001                       34\n     October 2001 \xe2\x80\x93 March 2002                         68\n     April 2002 \xe2\x80\x93 September 2002                       73\n\n\n\n\n50\n\x0c                                     OIG Counsel Activities\n                                 (April 2002 \xe2\x80\x93 September 2002)\n\nThe Mission of the Office of Counsel\nThe Office of Counsel serves the legal needs of the OIG. To that end, Counsel\xe2\x80\x99s office provides the legal\nadvice and assistance on the entire range of issues that have faced, are facing, or will face the OIG. The\nOffice litigates personnel cases; provides advice and counsel on matters arising during the course of\naudits, investigations, and evaluations, including the legal sufficiency of reports; reviews, analyzes, and\ncomments on proposed or existing regulations or legislation, including recent banking legislation and\nimplementing regulations; communicates or negotiates with other entities; responds to Freedom of\nInformation Act and Privacy Act requests and appeals; prepares and enforces subpoenas for issuance by\nthe Inspector General; and coordinates with the Legal Division. Examples include:\nLitigation\nCounsel\xe2\x80\x99s Office has actively litigated or assisted in the litigation of 11 matters during the reporting peri-\nod. These matters involved claims brought before the Equal Employment Opportunity Commission and\nthe Merit Systems Protection Board, the \xe2\x80\x9cqui tam\xe2\x80\x9d provisions of the False Claims Act, and civil and crimi-\nnal cases in which OIG documents were sought in discovery. These matters are in addition to 12 matters\nthat are awaiting further action by the parties or rulings by the court or other adjudicatory bodies.\nAdvice and Counseling\nCounsel\xe2\x80\x99s Office provided advice and counseling, including written opinions on a number of issues,\nincluding closed bank matters; personnel issues including downsizing, reorganization, and mobility\nrequirements; use of travel and procurement cards; review of the Gramm-Leach-Bliley Act and FDIC\xe2\x80\x99s\nSpecial Examination Authority; investigative matters; contract interpretations; and various ethics-related\nmatters. In addition, Counsel\xe2\x80\x99s Office provided comments relative to the legal sufficiency of more than 20\naudit reports and evaluations.\nLegislation/Regulation Review\nCounsel\xe2\x80\x99s Office has carried out its responsibilities under the Inspector General Act to review proposed or\nexisting legislation and regulations. During this reporting period, Counsel\xe2\x80\x99s Office reviewed and provided\ncomments on one FDIC regulation.\nSubpoenas\nCounsel\xe2\x80\x99s Office prepared 14 subpoenas for issuance by the Inspector General during this reporting\nperiod.\nFreedom of Information Act/Privacy Act\nCounsel\xe2\x80\x99s Office responded to 13 requests under the Freedom of Information Act and the Privacy Act.\n\n\n\n\n                                                                                                            51\n\x0c                                                 Organization Chart\n\n\n\n                                                     Inspector General\n                                                     Gaston L. Gianni, Jr.                Counsel to the Inspector General\n\n                                                  Deputy Inspector General                            Fred W. Gibson\n                                                      Patricia M. Black\n\n\n\n\n                              Office of Audits                           Office of Investigations\n\n                         Assistant Inspector General                   Assistant Inspector General\n                                Russell A. Rau                              Samuel M. Holland\n\n\n\n\n     Office of Policy Analysis and                 Office of Management                   Office of Quality Assurance and\n       Congressional Relations                           and Policy                                  Oversight\n\n      Assistant Inspector General                Assistant Inspector General                   Assistant Inspector General\n         Rex Simmons (Acting)                           Rex Simmons                                Robert L. McGregor\n\n\n\n               Inspector General                                       Gaston L. Gianni, Jr.          202-416-2026\n               Deputy Inspector General                                Patricia M. Black              202-416-2474\n               Counsel to the Inspector General                        Fred W. Gibson                 202-416-2917\n               Assistant Inspector General for Audits                  Russell A. Rau                 202-416-2543\n               Assistant Inspector General for Investigations          Samuel Holland                 202-416-2912\n               Assistant Inspector General for\n               Management and Policy                                   Rex Simmons                    202-416-2483\n               Assistant Inspector General for\n               Quality Assurance and Oversight                         Robert L. McGregor             202-416-2501\n               Assistant Inspector General for Policy\n               Analysis and Congressional Relations                    Rex Simmons (Acting)           202-416-2483\n\n\n\n\n52\n\x0c                                                                          Figure 1: Products Issued and Investigations Closed\n\n\n                                      \xe2\x97\x8f   04/00 - 09/00* 20060\n                                      \xe2\x97\x8f   10/00 - 03/01*\n                                      \xe2\x97\x8f   04/01 - 09/01     50\n                                      \xe2\x97\x8f   10/01 - 03/02\n                                                            40\n                                      \xe2\x97\x8f   04/02 - 09/02\n\n                             *Includes products related                   30\n                             to OIG work that did not\n                             result in formally issued                    20\n                             audit or evaluation reports.\n                                                                          10\n\n                                                                           0\n                                                                                      Audits and                  Investigations\n                                                                                      Evaluations\n\n\n                        Figure 2: Questioned Costs/Funds Put to Better Use\n                                     (in millions)\n\n                     20012\n\xe2\x97\x8f   04/00 - 09/00\n\xe2\x97\x8f   10/00 - 03/01      10\n\xe2\x97\x8f   04/01 - 09/01*\n                                                     *None this period\n\n\n\n\n\xe2\x97\x8f   10/01 - 03/02       8\n\xe2\x97\x8f   04/02 - 09/02\n                        6\n\n                        4\n\n                        2\n\n                        0\n                                      Audits and Evaluations\n\n\n                                                                         Figure 3: Fines, Restitution, and Monetary Recoveries\n                                                                                   Resulting from OIG Investigations (in millions)\n\n                                                                   1000\n                                 \xe2\x97\x8f   04/00 - 09/00\n                                                                    900\n                                 \xe2\x97\x8f   10/00 - 03/01                                                          820\n                                                                    800\n                                 \xe2\x97\x8f   04/01 - 09/01\n                                 \xe2\x97\x8f   10/01 - 03/02                  700\n                                 \xe2\x97\x8f   04/02 - 09/02                  600                               536\n                                                                    500\n                                                                    400\n                                                                    300\n                                                                    200\n                                                                    100                   67\n                                                                                   10.7        11.8\n                                                                      0\n\n\n                                                                                                                                     53\n\x0c Reporting Terms and Requirements\n Index of Reporting Requirements - Inspector General Act of 1978, as amended\n\n     Reporting Requirement                                             Page\n\n     Section 4(a)(2): Review of legislation and regulations              51\n\n     Section 5(a)(1): Significant problems, abuses, and deficiencies   11-32\n\n     Section 5(a)(2): Recommendations with respect to\n\n      significant problems, abuses, and deficiencies                   11-32\n\n     Section 5(a)(3): Recommendations described in previous\n\n      semiannual reports on which corrective action has not\n\n      been completed                                                     56\n\n     Section 5(a)(4): Matters referred to prosecutive authorities        33\n\n     Section 5(a)(5) and 6(b)(2): Summary of instances where\n\n      requested information was refused                                  63\n\n     Section 5(a)(6): Listing of audit reports                           59\n\n     Section 5(a)(7): Summary of particularly significant reports      11-32\n\n     Section 5(a)(8): Statistical table showing the total number of\n\n      audit reports and the total dollar value of questioned costs       61\n\n     Section 5(a)(9): Statistical table showing the total number of\n\n      audit reports and the total dollar value of recommendations\n\n      that funds be put to better use                                    62\n\n     Section 5(a)(10): Audit recommendations more than 6 months\n\n      old for which no management decision has been made                 63\n\n     Section 5(a)(11): Significant revised management decisions\n\n      during the current reporting period                                63\n\n     Section 5(a)(12): Significant management decisions with\n\n     which the OIG disagreed                                             63\n\n\n\n\n54\n\x0cReader\xe2\x80\x99s Guide to Inspector General                                                   Once management has disallowed a cost and, in effect,\n                                                                                      sustained the auditor\xe2\x80\x99s questioned costs, the last step in\nAct Reporting Terms                                                                   the process takes place which culminates in the \xe2\x80\x9cfinal\nWhat Happens When Auditors Identify Monetary\n                                                                                      action.\xe2\x80\x9d As defined in the Inspector General Act, final\nBenefits?\n                                                                                      action is the completion of all actions that management\nOur experience has found that the reporting terminolo-\n                                                                                      has determined, via the management decision process,\ngy outlined in the Inspector General Act of 1978, as\n                                                                                      are necessary to resolve the findings and recommenda-\namended, often confuses people. To lessen such confu-\n                                                                                      tions included in an audit report. In the case of disal-\nsion and place these terms in proper context, we pres-\n                                                                                      lowed costs, management will typically evaluate factors\nent the following discussion:\n                                                                                      beyond the conditions in the audit report, such as qual-\nThe Inspector General Act defines the terminology and                                 itative judgements of value received or the cost to liti-\nestablishes the reporting requirements for the identifi-                              gate, and decide whether it is in the Corporation\xe2\x80\x99s best\ncation and disposition of questioned costs in audit                                   interest to pursue recovery of the disallowed costs. The\nreports. To understand how this process works, it is                                  Corporation is responsible for reporting the disposition\nhelpful to know the key terms and how they relate to                                  of the disallowed costs, the amounts recovered, and\neach other.                                                                           amounts not recovered.\n\nThe first step in the process is when the audit report                                Except for a few key differences, the process for reports\n                               \xe2\x96\xbc\nidentifying questioned costs is issued to FDIC man-                                   with recommendations that funds be put to better use\nagement. Auditors question costs because of an alleged                                is generally the same as the process for reports with\nviolation of a provision of a law, regulation, contract,                              questioned costs. The audit report recommends an\ngrant, cooperative agreement, or other agreement or                                   action that will result in funds to be used more effi-\ndocument governing the expenditure of funds. In addi-                                 ciently rather than identifying amounts that may need\ntion, a questioned cost may be a finding in which, at                                 to be eventually recovered. Consequently, the manage-\nthe time of the audit, a cost is not supported by ade-                                ment decisions and final actions address the imple-\nquate documentation; or, a finding that the expenditure                               mentation of the recommended actions and not the dis-\nof funds for the intended purpose is unnecessary or                                   allowance or recovery of costs.\nunreasonable.\n\nThe next step in the process is for FDIC management\nto make a decision about the questioned costs. The\nInspector General Act describes a \xe2\x80\x9cmanagement deci-\nsion\xe2\x80\x9d as the final decision issued by management after\nevaluation of the finding(s) and recommendation(s)\nincluded in an audit report, including actions deemed\nto be necessary. In the case of questioned costs, this\nmanagement decision must specifically address the\nquestioned costs by either disallowing or not disallow-\ning these costs. A \xe2\x80\x9cdisallowed cost,\xe2\x80\x9d according to the\nInspector General Act, is a questioned cost that man-\nagement, in a management decision, has sustained or\nagreed should not be charged to the government.\n\n\n\n\xe2\x96\xbc\n    It is important to note that the OIG does not always expect 100 percent recovery of all costs questioned.\n\n\n\n                                                                                                                                       55\n\x0c     Appendix I: Statistical\n     Information Required by\n     the Inspector General Act of\n\n\n\n\n     \xe2\x98\x85\n     1978, as amended\n\n\n\n\n\xe2\x98\x85\n     Table I.1: Significant\n     Recommendations From Previous\n     Semiannual Reports on Which\n     Corrective Actions Have Not Been\n     Completed\n     This table shows the corrective actions management has\n     agreed to implement but has not completed, along with\n     associated monetary amounts. In some cases, these cor-\n     rective actions are different from the initial recommen-\n     dations made in the audit reports. However, the OIG\n     has agreed that the planned actions meet the intent of\n     the initial recommendations. The information in this\n     table is based on information supplied by the FDIC\xe2\x80\x99s\n     Office of Internal Control Management (OICM). These\n     33 recommendations from 9 reports involve monetary\n     amounts of over $11 million. OICM has categorized the\n     status of these recommendations as follows:\n     Management Action in Process: (13 recommen-\n     dations from 6 reports)\n     Management is in the process of implementing the cor-\n     rective action plan, which may include modifications to\n     policies, procedures, systems or controls; issues involv-\n     ing monetary collection; and settlement negotiations in\n     process.\n     Litigation: (20 recommendations from 3 reports,\n     $11 million)\n     Each case has been filed and is considered \xe2\x80\x9cin litiga-\n     tion.\xe2\x80\x9d The Legal Division will be the final determinant\n     for all items so categorized.\n\n\n\n\n56\n\x0cReport Number,                                Significant      Brief Summary of Planned\nTitle,                                        Recommendation   Corrective Actions and\nand Date                                      Number           Associated Monetary Amounts\n\nManagement Action In Process\n\n01-011                                                         Develop an E-government implementation plan that uses the\nDevelopment of the FDIC\xe2\x80\x99s Public              3                Office of Management and Budget\xe2\x80\x99s guidelines for the\nKey Infrastructure                                             implementation of the Government Paperwork\nMay 24, 2001                                                   Elimination Act.\n\nEVAL-01-002                                   2                Assess the need to complete new Position Designation\nFDIC\xe2\x80\x99s Background Investigation                                Records for position risk designations where FDIC divisions\nProcess for Prospective and                                    and offices inconsistently applied U.S. Office of Personnel\nCurrent Employees                                              Management criteria in making the designations.\nAugust 17, 2001\n\n                                              3                Re-designate position sensitivity levels for examiner\n                                                               positions to reflect their public trust responsibilities.\n\n                                              4                Alert the Security Management Section of all personnel\n                                                               assignments to positions where users have access to\n                                                               sensitive computer systems or data.\n\n                                              5                Ensure that new Information Security Manager positions are\n                                                               properly designed and appropriate background checks\n                                                               are performed.\n\n                                              7                Establish a specific schedule to update the Corporation\xe2\x80\x99s\n                                                               employee security database, Employee Background\n                                                               Investigation Tracking System.\n\n01-024                                        1                Update both the Unclaimed Deposits Reporting System and\nFDIC\xe2\x80\x99s Identification of and Accounting for                    the Corporate Accounts Receivable Management System\nUnclaimed Deposits Transferred to State                        with all unclaimed deposits that the FDIC transferred to\nUnclaimed Property Agencies                                    state unclaimed property agencies and ensure that the two\nDecember 5, 2001                                               systems agree.\n\n                                              2                Reconcile the variance between the FDIC\xe2\x80\x99s unclaimed\n                                                               deposits transferred to states and the state-reported\n                                                               unclaimed deposits received.\n\n                                              5                Maintain an accurate automated system of accounting\n                                                               for unclaimed deposits transferred to state unclaimed\n                                                               property agencies.\n\n\n\n\n                                                                                                                           57\n\x0cReport Number,                            Significant      Brief Summary of Planned\nTitle,                                    Recommendation   Corrective Actions and\nand Date                                  Number           Associated Monetary Amounts\n\nManagement Action In Process\n\n02-002                                    4                Include lessons learned from the Superior resolution in DRR\xe2\x80\x99s\nLeast Cost Decision of Superior Bank                       proposed Lessons Learned study concerning unique situations\nand Liquidation of Remaining                               encountered from DRR\xe2\x80\x99s resolution activities.\nReceivership Assets\nFebruary 8, 2002\n02-006                                    2                Develop a process providing for a reconciliation of restitution\nDRR\xe2\x80\x99s Efforts to Facilitate Collections                    orders listed in the Division of Liquidation Locating and Reporting\non Criminal Restitution Orders                             System with the Clerks of the U.S. District Court.\nMarch 5, 2002\n\n02-014                                    1                Determine the total January 1998 through August 2001 amounts\nCapitalization of Internal-Use                             not included in the internal-use software costs and assess the\nSoftware Development Costs                                 need to adjust the general ledger for dollar amounts omitted.\nMarch 29, 2002\n\n                                          2                Clarify the FDIC\xe2\x80\x99s policy to capture all internal-use software costs\n                                                           incurred by all divisions/offices and provide guidance to employees\n                                                           required to account for time based on this information.\n\nLitigation\n\n95-032                                    5                Recover $5,259,285 from the association for noncompliance\nLocal America Bank, F.S.B.,                                with the tax benefits provisions of the assistance\nAssistance Agreement                                       agreement.\nMarch 24, 1995\n96-014                                    1, 4-16          Recover $4,526,389 of assistance paid to Superior Bank.\nSuperior Bank, F.S.B., Assistance\nAgreement, Case Number C-389c\nFebruary 16, 1996\n\n98-026                                    2, 3, 4, 6       Recover $1,220,470 of assistance paid to Superior Bank.\nAssistance Agreement Audit of\nSuperior Bank, Case Number C-389c         11               Compute the effect of understated Special Reserve Acccount\nMarch 9, 1998                                              for Payments in Lieu of Taxes and remit any amounts due\n                                                           to the FDIC.\n\n\n\n\n58\n\x0cTable 1.2: Audit Reports Issued by Subject Area\n                     Audit Report                                          Questioned Costs           Funds Put To\nNumber and                                                                                            Better\nDate                 Title                                       Total                  Unsupported   Use\nSupervision and Insurance\n\nEVAL-02-003          Joint Evaluation of the Federal\nJune 21, 2002        Financial Institutions Examination\n                     Council\n\n02-025               DOS\xe2\x80\x99s Implementation of Gramm-Leach-\nJuly 31, 2002        Bliley Act Provisions\n\n02-033               Statistical CAMELS Offsite Rating\nSeptember 26, 2002   Review Program for FDIC-Supervised\n                     Banks\n\nReceivership and Legal Affairs\n\n02-017               Asset Valuation Review (AVR) Process\nApril 30, 2002       for Sinclair National Bank\n\n02-019               Professional Liability Claims Process\nMay 31, 2002\n\n02-024               Marketing and Resolution of Superior        $28,043\nJuly 24, 2002        Federal, FSB (New Superior)\n\n02-032               Receivership Termination Activity\nSeptember 20, 2002\n\nInformation Assurance\n\n02-023               Internal and Security Controls Related to\nJuly 31, 2002        the General Examination System (GENESYS)\n\n02-026               Network Operations Vulnerability\nAugust 9, 2002       Assessment\n\n02-027               Computer Security Incident Response\nAugust 28, 2002      Team Activities\n\n02-031               Independent Evaluation of the FDIC\xe2\x80\x99s\nSeptember 11, 2002   Information Security Program - 2002\n\n02-035               Information Security\nSeptember 30, 2002   Management of FDIC Contractors\n\n\n\n\n                                                                                                            59\n\x0c                          Audit Report                                                   Questioned Costs                 Funds Put To\nNumber and                                                                                                                Better\nDate                     Title                                                Total                         Unsupported   Use\nResource Management\n\nEVAL-02-002               Physical Security for the FDIC\xe2\x80\x99s\nMay 31, 2002              Washington, D.C. Area Facilities\n\n02-016                    FDIC\xe2\x80\x99s Assessment of Corrective Action\nJuly 24, 2002             Work Performed by Third-Party\n                          Contractors\n\n02-022                    Review of the FDIC\xe2\x80\x99s Strategy for Managing\nJune 14, 2002             Improper Payments\n\n02-030                    FDIC Travel Card Program\nAugust 30, 2002\n\nEVAL-02-004               Physical Security for the FDIC\xe2\x80\x99s\nSeptember 23, 2002        Regional and Field Offices\n\nPost-award Contracts Audits\n\n02-018                    Billing Review of ABACUS                            $313,318\nMay 21, 2002              Technology Corporation\n\n02-029\n                                                     a\nAugust 30, 2002           Post-award Contract Audit                           $215,174\n\nPreaward Reviews\n\n02-020                    Preaward Contract Review\nMay 31, 2002\n\n02-021                    Preaward Contract Review\nJune 14, 2002\n\n02-028                    Preaward Contract Review\nAugust 23, 2002\n\nOther Activity\n\nNot Numbered b            Undelivered State Tax Refunds\nAugust 26, 2002           Belonging to FDIC-Managed                                                                       $1,559,418\n                          Failed Financial Institutions\n\nTOTALS FOR THE PERIOD                                                         $556,535                                    $1,559,418\n\na\nManagement response not due until October 30, 2002.\nb\nThis memorandum was a follow-up to our December 6, 2001, memorandum concerning our review of undelivered tax refunds.\n.\n\n\n    60\n\x0cTable 1.3: Audit Reports Issued with Questioned Costs\n                                                                                                              Questioned Costs\n                                                                                 Number\n                                                                                                     Total                          Unsupported\nA. For which no management decision                                                  0                  0                               0\n   has been made by the commencement\n   of the reporting period.\n\nB. Which were issued during the reporting period.                                    3              556,535                             0\n\nSubtotals of A & B                                                                   3              556,535                             0\n\nC. For which a management decision was made\n   during the reporting period.                                                     2               341,361                             0\n   (i) dollar value of disallowed costs.                                            2                62,969                             0\n   (ii) dollar value of costs not disallowed.                                       1 \xe2\x96\xbc\n                                                                                                    278,392                             0\n\nD. For which no management decision has been made\n                                                                                      \xe2\x99\xa6\n   by the end of the reporting period.                                              1               215,174                             0\n\n    Reports for which no management decision was made                                0                 0                                0\n    within 6 months of issuance.\n\n\n\n\n\xe2\x96\xbc\n  The one report included on the line for costs not disallowed is also included in the line for costs disallowed, because management did not agree with\n  some of the questioned costs.\n\xe2\x99\xa6\n  Management response not due until October 30, 2002.\n\n\n\n\n                                                                                                                                            61\n\x0cTable 1.4: Audit Reports Issued with Recommendations for Better Use of Funds\n                                                                         Number                              Dollar Value\nA. For which no management decision has been\n   made by the commencement of the reporting period.                      0                                      0\n\nB. Which were issued during the reporting period.                         1                                 1,559,418\n\nSubtotals of A & B                                                        1                                 1,559,418\n\nC. For which a management decision was made\n   during the reporting period.                                           0                                      0\n   (i) dollar value of recommendations that were\n        agreed to by management.                                          0                                      0\n        - based on proposed management action.                            0                                      0\n        - based on proposed legislative action.                           0                                      0\n   (ii) dollar value of recommendations that were\n        not agreed to by management.                                      0                                      0\n\nD. For which no management decision has\n   been made by the end of the reporting period.                         1\xe2\x96\xb2                                 $1,559,418\n\n      Reports for which no management decision was\n      made within 6 months of issuance.                                   0                                       0\n\n\n\n\n\xe2\x96\xb2\n    These Funds Put to Better Use were identified in a memorandum to management regarding undelivered tax refunds. See page 32 of the report.\n\n\n\n\n62\n\x0cTable 1.5: Status of OIG Recommendations Without Management Decisions\nDuring this reporting period, there were no recommendations without management decisions.\n\n\n\nTable 1.6: Significant Revised Management Decisions\nDuring this reporting period, there were no significant revised management decisions.\n\n\n\nTable I.7: Significant Management Decisions with Which the OIG Disagreed\nDuring this reporting period, there were no significant management decisions with which the OIG disagreed.\n\n\n\nTable I.8: Instances Where Information Was Refused\nDuring this reporting period, there were no instances where information was refused.\n\n\n\n\n                                                                                                       63\n\x0cAbbreviations and Acronyms\n\nAICPA    American Institute of Certified Public   GENESYS       General Examination System\n         Accountants\n                                                  GISRA         Government Information Security\nAPM      Acquisition Policy Manual                              Reform Act\n\nAVR      Asset Valuation Review                   GLBA          Gramm-Leach-Bliley Act\n\nBIF      Bank Insurance Fund                      HCSB          Hartford-Carlisle Savings Bank\n\nCD       Certificates of Deposit                  HRC           Human Resources Committee\n\nCIO      Chief Information Officer                IFS           Institution for Savings\n\nCPICP    Capital Planning and Investment          IG            Inspector General\n         Control Process\n                                                  IRS           Internal Revenue Service\nCSIRT    Computer Security Incident\n         Response Team                            IT            Information Technology\n\nDIRM     Division of Information                  MWSB          Murphy Wall State Bank\n         Resources Management\n                                                  NVST          Network Vulnerability Scanning Tool\nDOA      Division of Administration\n                                                  OCC           Office of the Comptroller of the\nDOS      Division of Supervision                                Currency\n\nDRR      Division of Resolutions and              OI            Office of Investigations\n         Receiverships\n                                                  OICM          Office of Internal Control Management\nDSC      Division of Supervision and\n         Consumer Protection                      OIG           Office of Inspector General\n\nEBISS    Executive Branch Information             OMB           Office of Management and Budget\n         Systems Security\n                                                  OTS           Office of Thrift Supervision\nECIE     Executive Council on Integrity\n         and Efficiency                           PCIE          President\xe2\x80\x99s Council on Integrity\n                                                                and Efficiency\nFBI      Federal Bureau of Investigation\n                                                  PwC           PricewaterhouseCoopers Consulting\nFDIC     Federal Deposit Insurance Corporation\n                                                  Results Act   Government Performance and Results\nFFIEC    Federal Financial Institutions                         Act\n         Examination Council\n                                                  RTC           Resolution Trust Corporation\nFRB      Federal Reserve Board\n                                                  SAIF          Savings Association Insurance Fund\nGAAS     Generally Accepted Auditing Standards\n                                                  SCOR          Statistical CAMELS Offsite Rating\nGAO      U.S. General Accounting Office\n\nAbbreviations and Acronyms\n\n\n64\n\x0cCongratulations to PCIE Award                          Award for Excellence - PCIE Audit Committee\n                                                       Peer Review Working Group\nRecipients!                                            In recognition of outstanding efforts and diligent work\nJoint PCIE/ECIE Award for Excellence -                 as a member of the PCIE Audit Committee working\nEmerging Issues Symposium Team\n                                                       group to improve the quality and effectiveness of the\nFor hard work and innovation while working together\n                                                       peer review process through the revision and update of\nto organize an Emerging Issues Symposium for the\n                                                       the PCIE Peer Review Guide\nOffices of Inspector General of the Federal Deposit\nInsurance Corporation, the Department of the            \xe2\x80\xa2 Ted Baca\nTreasury, and the Board of Governors of the Federal\nReserve System                                         Individual Accomplishment Award\n                                                       For sustained exemplary performance as liaisons for\n \xe2\x80\xa2 Thomas J. Mroczko                                   the PCIE Vice Chair and the Inspector General\n                                                       Community\n \xe2\x80\xa2 Tiffani P. Kinzer\n                                                        \xe2\x80\xa2 Magdaleno Velasquez\n \xe2\x80\xa2 H. Vernon Davis (formerly with FDIC OIG, now\n   retired)                                             \xe2\x80\xa2 Leslee A. Bollea\n \xe2\x80\xa2 Leslye K. Burgess (formerly with FDIC OIG, now\n   with Treasury OIG)\nAward for Excellence - Superior Bank Review\nTeam\nFor outstanding work performed on the Review of\nIssues Related to the Failure of Superior Bank, FSB,\nHinsdale, Illinois\n\n \xe2\x80\xa2 Michael R. Lombardi\n \xe2\x80\xa2 Philip B. Anderson\n \xe2\x80\xa2 John J. Colantoni                                                                        IG Gianni with T. Kinzer (l.) and\n                                                                                            L. Burgess (r.), members of the\n \xe2\x80\xa2 Jeffrey B. Smullen                                                                       Emerging Issues Symposium team.\n\n \xe2\x80\xa2 James F. Misch\n \xe2\x80\xa2 Danial J. Olberding\n \xe2\x80\xa2 H. Vernon Davis (formerly with FDIC OIG, now\n   retired)\n\n \xe2\x80\xa2 Leslye K. Burgess (formerly with FDIC OIG, now\n   with Treasury OIG)\n                                                                   IG Gianni with members of the Superior Bank team. Left to\n                                                                   right - P. Anderson, J. Smullen, IG Gianni, and L. Burgess.\n\n\n\n\n                                                                                                                     65\n\x0c"